Yes, scraping public data in Italy is generally permitted, but only if compliant with GDPR, the Italian Personal Data Protection Code (Legislative Decree 196/2003, as amended), and the Decreto Trasparenza (2023). Publicly accessible data does not automatically confer unrestricted reuse rights. The Garante per la Protezione dei Dati Personali (GPDP) enforces strict limits on automated collection, particularly when data subjects are identifiable. Recent 2026 amendments to the Digital Services Act (DSA) further tighten obligations for large-scale scrapers operating in Italy.
Key Regulations for Scraping Public Data in Italy
- GDPR & Italian Data Protection Code: Automated scraping of personal data triggers lawful basis requirements (Art. 6 GDPR) and strict purpose limitation. The GPDP has fined entities for excessive data harvesting under Art. 5(1)(c) GDPR.
- Decreto Trasparenza (2023): Public sector data must be scraped in compliance with open data licenses (e.g., CC-BY 4.0). Machine-readable formats are mandatory; scraping for commercial purposes without authorization violates Art. 7 of the decree.
- EU DSA (2026 Application): Platforms scraping public data at scale must publish transparency reports (Art. 37 DSA) and allow opt-out mechanisms for data subjects under Art. 38. Non-compliance risks fines up to 6% of global turnover.
Scraping anonymized or aggregated public data (e.g., statistical releases) faces fewer restrictions but must avoid re-identification risks. The GPDP’s 2024 guidelines explicitly prohibit “scraping-as-a-service” models that circumvent consent requirements. Always conduct a Data Protection Impact Assessment (DPIA) for high-risk operations.