Abstract
The aim of this article is to investigate the extent of institutionalization of Data Protection Authorities and the evolution of the regulative policy style by comparing the implementation of the European Data Protection Directive 46/1995/CE in two European countries, France and Italy. The analytical framework of the empirical research is based on the institutionalization theory and on the policy style framework (section one). Section two analyses the origins and the transformation of the French data protection authorities (CNIL). Section three focuses on the birth and the transformation of the Italian authority (the Garante). Section four compares the quantitative and qualitative evolution of the regulative activities of the two institutions. Section five analyses the transformations of the data protection regulative policy style by referring to the crucial role played by the leadership of the Data Protection Authorities in two different national contexts.
Notes
1. European Privacy and Data Protection Commissioners' Conference, “Declaration on Leadership and the Future of Data Protection in Europe”, Edinburgh, April 23–24, 2009, http://www.edps. europa.eu
2. The major European Directives are the follows: Directive 95/46 CE, October 24, 1995; Directive 97/66 CE, December 15, 1997; Directive 2000/31CE, June 8, 2000; Directive 2002/58CE, July 2002; Directive 2006/24CE, March 15, 2006 and the Directive 2002/21CE , April 24, 2002. To these Directives, we add the Fundamental Human Rights Charter of the European Union 200/C 364/01 (Art. 8).
3. The Defenseur des Droits is an independent administrative authority (IAA) created by the fusion of three IAA: the Mediateur de la Republic, the Defenseur des enfants and the Commission Nationale de Deontologie de la securité.
4. Decree No 2005-1309 of October 20, 2005 enacted for the application of Act No. 78-17 of January 6, 1978 on Data Processing, Files and Individual Liberties (amended by Decree 2007-451 of March 25, 2007); consolidated on March 25, 2007 (Art. 9, 10 and 15).
5. The populations of France and Italy are comparable in dimensions: France has about 65 million inhabitants and Italy has about 60 million. So we can say that the variable of the density of the population is irrelevant in influencing the national demand of individual data protection rights.
6. In France there are 34 IAA; many of them have competence very close to and embedded with the CNILs, i.e. the Commission Nationale de controle des interceptions de securitè (CNCIS), the Commission d'acces aux documents administratifs (CADA) and the Defenseur des Droit (DDD).
7. The previous presidents of the CNIL are: Pierre Bellet (1978–1979) judge; Jacques Thyraud (1979–1983) politician; Jean Rosenwald (1983–1984) councillor of the Court des Comtes; Jacques Fauvet (1984–1999) journalist and Director of the Societè General des Presse; Michel Tentot (1999–2004) administrative judge.
8. Stefano Rodotà holds the chair of civil law at La Sapienza (University of Rome). On the way to his presidency of the Italian authority he was elected member (1979–1994) and vice-president of the Chamber of Deputies in Italian Parliament. He was a MEP from 1983 to 1994 and a member of the Parliamentary Assembly at the Council of Europe. He helped draft the charter of Fundamental Rights of the European Union. Franco Pizzetti is full professor of Constitutional Law at the University of Rome and Malta. He served as deputy-mayor of Turin (1990–1993) and has served the government on several conferences and commissions and was director of the Italian Superior School of Public Administration (1998–2001).