2024 Annual Report of the Italian Data Protection Authority to Parliament

The presentation of the 2024 Annual Report by the Italian Data Protection Authority to the Chamber of Deputies represents a key event not only for institutions, legal professionals, and stakeholders, but also for all citizens. In a fast-evolving technological context—marked by the advent of artificial intelligence and the relentless digitalization of processes and services—privacy protection continues to be a fundamental pillar of democracy and digital trust.

Key Figures of 2024: A Year of Challenges and Actions

The report clearly highlights how complex and interconnected the landscape of data protection has become:

• 2,204 data breaches were reported across both public and private sectors—evidence of increasing exposure to risk and the need for a rigorous, proactive approach from all actors, especially in light of the Authority's increasingly strict sanctions in serious cases.
• 130 inspections were carried out, focusing on highly innovative areas: digital identity systems (SPID), facial recognition, video surveillance, and artificial intelligence applications. These audits underscore how the privacy challenge is increasingly intertwined with technological innovation and cybersecurity.
• 835 collegial decisions were adopted, including 468 corrective and punitive measures—a strong signal of the Authority’s growing attention to both repressive and preventive efforts concerning the most relevant violations. Sanction-related payments amounted to €24,430,856.45.
• Over 16,000 inquiries were handled by the Authority, reflecting a growing and tangible interest in data protection and the need for clear and authoritative communication to support citizens and businesses.

Privacy and Artificial Intelligence: Assessments and Perspectives

In 2024, the Authority focused on the profound implications of adopting artificial intelligence in key sectors: from digital healthcare to age verification, digital identity management, and the risks linked to web scraping for algorithm training. The dialogue between technological evolution and legal regulation is becoming increasingly intense, leading the Authority to reaffirm the need for strict, up-to-date governance in response to emerging digital scenarios.

Audit activities and decisions also addressed the sensitive issues of automated decision-making and profiling, as well as the cybersecurity of public and private infrastructures. The report calls on all data controllers to maintain a high level of awareness and responsibility in terms of both technical and organizational security.

Culture of Compliance: Rights and Trust at the Core

The Authority’s assessment is clear: building a culture of compliance and data security is no longer a mere regulatory requirement. It is a safeguard for the fundamental rights of individuals and an essential foundation for digital trust in society and the marketplace.

A renewed call is made to all stakeholders—public and private—to invest in training, continuous process updates, and transparency, in order to strengthen a digital ecosystem that protects the dignity, freedom, and security of every individual.

The 2024 Annual Report of the Italian Data Protection Authority portrays a country where personal data protection is no longer just a technical issue, but a social, legal, and ethical matter. From managing data breaches to AI innovation, the challenge is ongoing and demands that all players rise to the occasion—working together to build a safer, more inclusive, and more transparent digital future.