New Assoprovider Webinar: with lawyer Sarzana di S. Ippolito, during APWeb1123 we delved into the Parental Control regulations, also in light of the upcoming deadline on November 21.

On November 14, Assoprovider organized an event with Fulvio Sarzana di Sant'Ippolito, a legal expert in TLC, to discuss the recent regulatory developments on Parental Control. During the meeting, various regulatory aspects of this type of systems were examined, including the new guidelines from AgCom and the Caivano decree law, focusing on the responsibilities of telecommunications operators and connected device manufacturers, as well as the implications for privacy and the protection of minors.

To review the full recording, including the "Questions and Answers" session with lawyer Fulvio Sarzana, visit the official Assoprovider YouTube channel:

Parental Control according to Law 28/2020

Last October, Assoprovider organized a webinar on the topic of Parental Control, the summary of which you can review at this link. However, the new session became necessary in light of the imminent application of the AGCOM guidelines in the matter, whose deadline is scheduled for the November 21, 2023. The government has also introduced the Caivano decree law, not yet converted into law at the time of recording, which includes relevant provisions on Parental Control.

First of all, let's briefly summarize the information shared in the previous meeting. Law 28/2020 introduced the concept of Parental Control, granting specific powers to AgCom. The legislator's objective is protect minors from inappropriate content on the internet. This is achieved through a filtering system that prevents access to platforms with content not suitable for minors, regardless of the type of connection used (fiber optic, broadband, 4G, 5G).

It is important distinguish between illegal content, which are regulated by specific regulations and allow authorities to order providers to block access, and legitimate but inappropriate content. In the case of Parental Control, we focus on this latter category: filtering aims to prevent minors from coming into contact with content deemed inappropriate.

Depending on whether the content is illegal or inappropriate, different regulatory obligations and responsibilities are activated for providers.

The current legislation stipulates that contracts for the provision of electronic communication services must include, among the pre-activated services, parental control systems to filter inappropriate content for minors and block content reserved for adults. These services must be offered free of charge and must be able to be deactivated upon request of the consumer, provided that they are of legal age.

Operators must also ensure adequate information on these systems, to enable consumers to make informed choices.

The original regulation, therefore, did not specifically define what constituted inappropriate content, nor which authority was responsible for overseeing the failure of electronic communication service providers to implement it. Both topics were instead addressed in the AgCom Guidelines, which were further explored in the continuation of the event.

The AgCom Guidelines of January 2023

In January 2023, AgCom adopted new Guidelines on Parental Control, introducing significant aspects:

• Parental Control systems must be automatically activated on all new lines telephone and internet. For existing lines, automatic activation applies only if registered to a minor.
• Contract holders, if of legal age, can request the deactivation of the system. In the case of underage users, deactivation can be requested by the person responsible for parental guardianship.
• For other already active lines, the Parental Control service is offered but its activation remains optional.

It is also important to remember that these guidelines do not apply to business customers.

The AgCom provision has also defined the content categories subject to filtering:

• Adult content
• Gambling and betting
• Weapons
• Violence
• Hate and discrimination
• Promotion of practices harmful to health according to established medicine
• Anonymizer
• Sects and cults

By November 21, telecommunications operators should communicate the categories used in their Parental Control systems and include at least the blocking of domains and websites containing the aforementioned materials.

AGCOM has the power to issue warnings, if it discovers that an operator has not implemented the Parental Control service on the networks of its private customers. The operator has therefore 20 days time to comply with the regulations. Operators can therefore choose not to notify the Authority in advance of the system's presence, but in the event of a warning, they must comply. This choice is at the discretion of each operator.

However, as repeatedly emphasized by Sarzana, the actual obligation concerns the sphere information. Operators are indeed required to provide clear, transparent, and comprehensive information to its consumers on Parental Control systems, always by November 21. How should the information be communicated? On official websites, particularly on the homepage, where details on the configuration, deactivation, and reactivation of parental control must be available. This information must also be provided in self-care and customer-care areas. For fixed telephony, the information must also be communicated by attaching a notice in the billing.

The Caivano Decree

Decree 123/2023, also known as “Caivano Decree“, aimed at combating youth distress, emphasized the information obligations telecommunications operators, who represent a fundamental aspect of the regulations related to Parental Control, especially for providers.

The decree extends the existing obligations for electronic communication service providers, also including manufacturers of devices such as computers, smartphones, tablets, video game consoles, and other connected objects (such as Smart TVs, home automation devices, Internet of Things, and voice assistants). These manufacturers are required to implement and make available Parental Control applications within one year from the publication of the Decree, thus setting the deadline as September 16, 2024.

The provisions directed at ISPs (Internet Service Providers) are therefore to be considered immediately applicable, while those aimed at device manufacturers will come into effect starting from September of next year.
Furthermore, the decree reiterates certain specifications privacy restrictions: personal data collected or generated during the use of parental control applications cannot be used for commercial purposes or profiling. This measure aims to safeguard the privacy of users, particularly minors, in the context of using such applications.