Ryan Calo writes:
Reading through Italian news coverage of the Google Italy case, another picture emerges. User privacy may well be at issue, but not in the way you probably think. I grew up in Italy and now research and teach Internet law in the United States. When I heard about the verdict against three Google executives, one of them an alumnus of the law school where I work, I went first to American sources, then to Italian ones. What I found was that most Americans may be getting the basic facts and ideas of the case wrong.
The prosecutor brought two sets of charges against Google’s executives. The first sought to hold them criminally liable for the defamatory acts of the kids that uploaded the offending video. This charge was thrown out, likely on the basis of an Italian law—Article 17 of Legislative Decree 70—that mostly resembles our own federal immunity for content uploaded by third-parties. We’ll see when the court publishes its reasoning in a few months.
The second set of charges, of which the Google executives were actually convicted, are supposed to be about privacy—namely, criminal liability for violating provisions of the Italian Personal Data Protection Code. But as Susan Crawford told the New York Times, “[a]ny concern for privacy in this case is a pious cover.” Indeed, it appears that the prosecution sought to use these infractions as a way to defeat the above-mentioned immunity, on the theory that Article 17 protection is not available to criminals. (UPDATE: Chris Parsons pointed me toward a post over at Out-Law explaining that data privacy violations are not entitled to immunity at all under EU law.)
Read more on CIS.