Italian Data Protection Authority: The "Exodus” Trojan Case –

12 aprile 2019

The "Exodus” Trojan Case – "Appalling”, said Antonello Soro'
(Ansa, 30 march 2019)

"What happened is appalling. The fact that hundreds of people having no connections whatsoever with criminal investigations have been intercepted because of a flaw in a Trojan used for those investigations is quite worrisome. More in-depth inquiries are necessary into this incident, and the Garante will also step in as appropriate.

The exact circumstances of the case have yet to be clarified and the chain of events must be brought to light. Nevertheless, what is unquestionable is that tools like these Trojans are quite dangerous: they can help investigations, but are also liable to give rise to unacceptable breaches of citizens' freedoms if they are deployed without the barest technical safeguards. We had drawn the Government's attention to these issues when we gave our opinion both on the draft legislative decree amending the interception laws – which also introduced regulations on the use of Trojans – and on the draft implementing decree that was supposed to lay down the appropriate safeguards in selecting the software for those purposes.

There is a lesson to be drawn from this case: we must be resolute in preventing similar breaches from occurring in future,  being aware that no mistakes may be allowed for in such a sensitive area – where investigational powers go hand in hand with no less strong technological applications. Investigational tools such as those at issue must be kept at the disposal of law enforcement bodies, as provided for by the law, but only if they are coupled with robust safeguards to protect citizens' freedom."

Retrieved from https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9101790

Archivio news

 

News dello studio

lug13

13/07/2026

Google Android: the Court of Justice upholds Google’s fine of around €4.1 billion

Judgment of the Court of Justice of the EU in Case C-738/22 P | Google and Alphabet v Commission The appeal brought by Google and its parent company Alphabet against the judgment of the General Court

lug13

13/07/2026

Judgment of the General Court in Joined Cases T-1079/23, T-1080/23 | Apple v Commission and T-214/24 Apple and Apple Distribution International v Commission

Digital services: the General Court of the EU dismisses Apple’s actions regarding its designation as a gatekeeper in relation to the App Store and iOS The General Court also rules that

lug13

13/07/2026

Opinion of the Advocate General in Cases C-535/25 | Amazon Italia Logistica, C-536/25 | Amazon Italia Services and C-537/25 | Amazon Italia Transport

According to Advocate General Campos Sánchez-Bordona of the Court of Justice of the European Union, companies in the Amazon group provide postal services in Italy Consequently, the requirement