The Italian Supreme Court – III criminal branch ruled that “light spam” is not a criminal offense under both the pre and post GDPR enforcement in Italy.
Section 167 of the Italian Data Protection Code holds as a criminal offense the illegal processing of personal data when the processing is carried on by causing “nocumento” (a legal concept different from “damage”, “tort” or “threat”, that is related to the causation of an infringement of the personal or financial sphere of the individual ). So, for somebody to be charged of this criminal offense, the sole element of unauthorized processing is not enough.
The Court made clear that receiving a few unsolicited emails creates a mere annoyance, so deleting some message doesn’t trigger the “nocumento” requisite to turn the fact into a criminal offense.
Another important finding, is that the “nocumento” requisite is part of the mens rea, therefore the Public Prosecutor must provide evidence that the illegal processing has been carried on with a specific will to create “nocumento”. Therefore, the mere acceptance of the risk that some processing might create harm doesn’t allow to be charged of illegal processing.
Finally the Court qualifies the criminal offense set forth by section 167 of the Data Protection Act as “Actual Danger Offense”. Under the general theory of criminal law this means that for a processing to be hold as criminal is not enough to foresee an abstract danger for the data subject, but it is necessary the danger to be actual. The difference might looks like hair-splitting, but it actually doesn’t because it draws the line between a guilty and not-guilty verdict.