The Italian Data Protection Authority (Garante per la protezione dei dati personali) has given a favorable opinion on the draft decree of the President of the Council of Ministers (D.P.C.M.) that regulates the operation of the Delegation Management Platform. This new decree states that, through the Platform, any citizen registered in the National Register of Resident Population, can delegate up to two subjects to access online services provided by public administrations that require electronic identification (CIE, SPID).
The draft decree, which falls within the implementation program of the PNRR, outlines the technical characteristics, architecture, security requirements, procedures, data types, and categories of interested parties for the Platform. In addition, specific measures and guarantees have been introduced for the manner of granting delegations and for defining their scope of applicability, excluding professional delegations conferred on professionals or authorized intermediaries, as well as services intended for professionals and employees for the performance of professional activities or in fulfillment of a legal obligation.
The draft also introduces a maximum number of delegations that a delegate can hold and the proper articulation of the ways to exercise representation powers. The authorities put particular emphasis on holding each PA accountable in identifying delegable services and classifying online services (services that can be delegated to everyone, services that can be delegated only to certain types of delegations, and services that cannot be delegated through the Platform).
A special regime is then provided for services delivered through the Electronic Health Record (FSE 2.0), the Health Data Ecosystem (EDS), and the National Telemedicine Platform (PNT), considering their sensitivity. In any case, the Garante reserved the right to evaluate personal data processing implemented by all parties involved once the Platform is fully operational.
