Police database information may be useful in investigations, but their procedural use—especially without safeguards—risks violating the right to privacy, defense, and presumption of innocence. If left unchallenged, the system enables surveillance without transparency, redress, or expiration.
Please note that the Italian Police database (CED) is not the same as the Italian Criminal Records Database (Casellario Giudiziale). The Police Database contains broader and often preliminary information, including police reports and investigations that may never result in a trial or conviction. The criminal records database, on the other hand, contains only final judicial decisions and is managed by a different authority (see here).
Background and Risks of Police Data Banks
Italian plice database is called Centro Elaborazione Dati, Central Data Processing Center (CED), and was established within Italy's Ministry of the Interior in 1981, as part of a reform of public security administration under Law 121/81.
The CED aggregates records from numerous police forces. As of 2017, there were at least 64 such databases containing personal information.
All police forces are legally required to contribute data to the CED, including information gathered from investigations, public administration documents, judicial rulings, and both administrative and preventive policing activities. This is mandated by Articles 6 and 7 of Law 121/81, further reinforced by Law 128/2001.
This integration aims to make information instantly accessible and usable by all police forces, even if they didn't generate the original data. However, the Italian Data protection authority, Garante per la Privacy, has long criticized the system for its excessive data volume (over 95 million records), overly broad information scope, and the massive number of people authorized to access it — over 130,000 individuals across 12,000 offices as of 2005.
Despite reforms, the trend has worsened: Law 132/2018 expanded both the data types included and the entities permitted access (including municipal police in large cities), along with allowing 20-year retention of unsubstantiated crime reports.
What Data Is Stored in the CED?
The CED contains extensive data, including:
- Records from investigations, public institutions, and judicial rulings
- Information gathered from administrative or preventive policing
- Banking and personal details authorized by judicial mandate
- Surveillance data (nicknames, vehicles, residences, known associates, etc.)
- Data from interconnected databases (e.g., municipal or tax records)
These data are heavily used by police and judicial bodies. However, once entered, they are not updated or deleted automatically—even after acquittals. The person concerned must file a request, which usually is delayed and denied. But even then, deletion is allowed only if the data are inaccurate or unlawfully acquired. Courts have repeatedly upheld this (Itlaian Supreme Court rulings from 1992, 1994, 1996, and 2018).
This creates a permanent shadow on individuals who may have been accused but never convicted, reinforcing a harmful culture of suspicion.
Legal Use of CED Data in Proceedings
The legal use of police data is (theoretically) limited.
The Constitutional Court has clarified that a complaint or police report proves nothing about a person’s guilt or danger (ruling 466/2005). Using such data in trials or administrative decisions (like for gun licenses or preventive measures under the Anti-Mafia Code) is comon, but undermines due process and presumption of innocence.
Using secondhand data, especially without the individual’s ability to challenge it, threatens fundamental rights, particularly the right to defense. If the original sources aren't provided, using CED-derived data can be a legal violation.
European Court of Human Rights (ECHR) Position
The ECHR has repeatedly ruled that long-term data retention without conviction violates Article 8 of the European Convention on Human Rights. In Brunet v. France (2014) and M.K. v. France (2013), the Court found that storing data from complaints—when a person was acquitted or the case was closed—was disproportionate and stigmatizing.
The Court stressed that even if data do not explicitly label someone guilty, retaining them for up to 20 years creates a climate of suspicion. Especially when the person has no realistic path to request deletion, this constitutes an interference with privacy not justified in a democratic society.
Who Can Access the CED?
Access is permitted for:
Police and judicial officers
Security services
Other authorized public officials
Access abuse is punishable under Law 121/81 and Articles 326 and 615 ter of the Penal Code. Yet with tens of thousands of users and weak oversight, misuse risks remain high.
Can You Delete or Update Your Data?
theoretically yes, in practice, no (until Fume 18th, 2025, when mytest case lead to success, forcing the Itlaian Government to disclose the stored data about me).
The system leans heavily toward data retention. Even acquittals don't result in deletion—only an optional update to note the outcome. Deletion is allowed only for illegal or incorrect data. This interpretation has been consistently upheld in Italian case law.
Authorities recently claimed that only the originating police unit can update records. But the law clearly states that individuals may request updates from the Central Criminal Police Directorate (Art. 19, Law 121/81). That’s where requests should always be sent.
How Long Is Data Kept?
Retention ranges from 3 to 30 years depending on the type and outcome of the record:
3 years: Annulled or revoked decisions
8 years: Expired penalties
5 years: Preventive or public safety actions
10–30 years: Serious convictions, expulsions, DNA/fingerprint data, or investigative files
These durations may violate Article 8 of the ECHR when applied indiscriminately or without the possibility of meaningful challenge.
How to Check What’s in Your CED File
To find out what data the CED holds:
File a formal access request to: DIREZIONE CENTRALE DELLA POLIZIA CRIMINALE
Ufficio affari giuridici e contenzioso
Via Torre di Mezzavia, 9/121 – 00173 ROMA
PEC: [email protected]
If you’ve been acquitted or your case was dismissed, request an update noting this outcome.
Full deletion requires legal action and may even require appeal to the European Court of Human Rights in a strategic litigation claim (but nartional remedsies need to be exhausted).
Authorities are legally required to provide intelligible information about your data (Art. 19, Law 121/81), but often respond with vague statements like “your data is updated,” without explaining what the data contains.
Facial Recognition and Data Expansion
Italy also employs biometric systems like SARI (Facial Recognition System), tied to the AFIS fingerprint database with data from over 16 million people. These tools can be used to identify individuals at public events—even without suspicion of wrongdoing. Despite concerns from privacy authorities, real-time facial recognition remains poorly regulated and potentially rights-infringing.
Final Thoughts
CED data may be useful in investigations, but their procedural use—especially without safeguards—risks violating the right to privacy, defense, and presumption of innocence. If left unchallenged, the system enables surveillance without transparency, redress, or expiration.