I won't be attending my trial in Milan in person. I'll be represented by outside counsel. I believe that each of my 3 co-defendants has reached the same conclusion. As for me, I'm under clear instructions from my outside counsel not to set foot in Italy, at all. That's a tragedy, since I love Italy. It means I won't be speaking at this privacy conference in Bologna in May, which still seems to be advertising me as a speaker:
Why? Well, Italy has a legal concept which is unknown in Anglo-Saxon countries: namely, that an employee of a company can be held personally criminally liable for the actions or non-actions of the corporation he works for. Moreover, Italy has also criminalized much of its data protection laws, meaning that routine data protection questions can give rise to criminal prosecutions. As everyone in the field of privacy knows, data protection laws are full of sweeping statements that need to be interpreted with judgment and common sense. But imagine the consequences if every data protection decision made by a company can be second-guessed by a public prosecutor with little knowledge of privacy law. Does that mean that a data protection lawyer working for a company is running the risk of personal criminal arrest and indictment and prosecution for routine business practices? Well, I guess you can see why I've been advised not to set foot in Italy. I'm sure such prosecutions will remain rare, and perhaps my current prosecution will the be last of its type. But maybe not. And working for one of the world's most visible Internet companies puts me at more risk than most of my colleagues in the field of data protection, as the current prosecution has shown.
Italy is my favorite country in the world to visit. What a shame.