Raoul Bova's case: more than privacy, it's the penal code that's involved.

According to media reports, the " Bova case " can be summarized as follows: a person sends messages to another person within the context of a personal relationship . This person—either intentionally or through negligence —made these messages available to an acquaintance and, in one way or another, to the manager of a YouTube channel dedicated to "news, entertainment, and current affairs." Before the audio in question was released, Bova allegedly received an offer not to distribute the files in exchange for some benefit—presumably money. The offer was declined, and the audio file was released in a video on the aforementioned YouTube channel.

So far, the facts, commented on as "breach of privacy" by the Italian Data Protection Authority, even though that's not exactly the case. Let's see why.

Disclosing messages received is not automatically a crime

It is clear that the exchange of messages via WhatsApp can be legally classified as "correspondence " and as such its violation by persons other than the recipient is punishable by various articles of the penal code.

For example, the crime of correspondence violation (punished by Article 616 of the Code) is committed by anyone who "gains knowledge of the contents of closed correspondence, not addressed to him, or who removes or distracts, for the purpose of gaining knowledge of it or having others gain knowledge of it, closed or open correspondence, not addressed to him." Article 618, meanwhile, penalizes anyone who reveals the contents of confidential and secret correspondence not addressed to him. Clearly, the common thread between these crimes is that the perpetrator must be someone other than the sender and the recipient.

However, in the case of the messages sent by Bova, the person who first distributed them would have been the recipient, therefore the person to whom they were addressed and consequently could not have committed a violation of correspondence (at least, within the terms of Article 616 of the Criminal Code).

What are the risks for those who spread messages not intended for them?

The situation is different for those who had access to the messages in question.

This person—or persons—could have acquired them in only two ways: either they received them from the recipient, or they took possession of them without her knowledge. In the first case , they would have been required to keep the messages confidential , and therefore, if they revealed their contents, they committed a crime . In the second, they would also have committed an additional criminal offense, that of unauthorized access to a computer or telematics system, given that a smartphone can clearly be classified as such.

Furthermore, if the request for sums of money or other benefits to prevent the messages from being spread were proven, then the crime of (attempted) extortion would come into play, punishable by five to ten years of imprisonment.

Finally, if the initial recipient of the messages was involved in the extortion, then she could be charged with aiding and abetting the crime or even conspiracy to commit extortion, which are even more serious crimes that cannot be handled with a normal "plea bargain"—accepting a conviction in exchange for a reduced sentence, while remaining free.

The role of the civil judge

To complete the defense of those in Raoul Bova's situation, if the dissemination of private correspondence is not—at least initially—classified as a crime, it would always be possible to turn to a civil court to obtain compensation for damages arising from a tort.

The court, in fact, has the power to issue "precautionary measures" that can include the seizure of files, a ban on their use, their removal, and a ban on access to the publishing platform, as well as imposing a fine for each day the infringing content remains posted. It's also worth remembering that failure to comply with a judge's order is punishable by Article 650 of the Criminal Code, so it's best to avoid turning a blind eye to such a measure "because you won't end up in jail anyway."

The limits of the (authority for) personal data protection

Although considered obsolete, our judicial system offers broad protection to those whose rights are violated, even "via electronic means ." This protection is not limited to the protection of privacy, but also punishes unlawful behavior that makes the violation of privacy a prerequisite for the commission of far more serious crimes.

Therefore, victims of events like those described in the Bova case will find greater protection by turning to the judiciary rather than independent authorities , whose powers are, by law, very limited. The guarantor authority can only address non-compliance with the European regulation, regardless of whether the complainant has suffered harm or not. This latter aspect, in fact, is a matter for the judiciary .

What future for online protection of vulnerable parties?

The "Bova case" clearly illustrates how the ease of access and widespread diffusion of communication and content-sharing tools can facilitate the commission of crimes against fundamental rights even without an active role on the part of the platforms.

This makes it even more important to understand that, in a technological ecosystem, the true line of defense lies not only in the important principles of privacy, the protection of personal data, and independent authorities, but above all in the consolidated provisions of the Criminal Code and the role exercised by the courts. It is there that we find the strongest protections and the most effective tools to sanction behaviors that, exploiting the speed of information technology, can quickly escalate into crimes such as extortion or unauthorized access to computer systems, which are more serious than the mishandling of personal data.