No, sharing passwords in Italy violates the Codice in materia di protezione dei dati personali (Legislative Decree 196/2003) and the EU General Data Protection Regulation (GDPR), as it breaches confidentiality obligations. The Garante per la protezione dei dati personali (Italian DPA) has fined entities for such practices, emphasizing unauthorized access risks. Since 2026, stricter enforcement under the Digital Services Act (DSA) further penalizes non-compliance, with potential administrative fines up to €20 million or 4% of global turnover.
Key Regulations for Sharing Passwords in Italy
- GDPR Article 32 (Security of Processing): Mandates technical measures to prevent unauthorized access, including password confidentiality. Sharing credentials undermines this duty, exposing data to breaches.
- Italian Penal Code (Art. 615-ter): Criminalizes unauthorized access to computer systems, with penalties up to 3 years imprisonment if passwords are shared knowingly, even within organizations.
- DSA (Regulation (EU) 2022/2065): From 2026, platforms must ensure user authentication integrity. Password sharing violates platform terms and exposes providers to liability under Art. 12 (Due Diligence Obligations).
Organizations must enforce multi-factor authentication (MFA) and prohibit password sharing via internal policies, documented in compliance registers. The Garante has sanctioned entities for failing to implement such controls, reinforcing the legal risks.