Report by Emanuela Ceva (University of Geneva)
Ethical Aspect
The initial reference to general principles (Preliminaries) is in line with (what I take to be) the general perceptions of what matters from an ethical point of view in this context (especially as refers to transparency and accountability).
I am more skeptical about the reference to “harm” because it is very generic (what counts as harm? What harms exactly?). Perhaps to list some examples of what kinds of harm are
relevant in this context may increase the clarity of the document.
Otherwise, the policy is very parsimonious in terms of reference to ethical values so I do not expect it could be contested on ethical grounds. The downside of this aspect is that the price to pay for being so little controversial is a degree of vagueness (see below). Vagueness is problematic because it may create interpretative misunderstandings (e.g., what is harm?) and ultimately fail to offer ethically binding action-guiding indications to the concerned parties.
Contextual Aspect
The specificity of the Rules for disclosure in particular situations could be improved. For example, it is not clear what means of communication will be used to inform the concerned party that an investigation is under way. Italians are becoming increasingly familiar with registered email communications for formal acts (via the so-called PEC: https://www.pec.it/en/information.html) although the “raccomandata” (registered mail) remains the most formal and official means of informing about some legal act being undertaken (fines and communications from the fiscal authority are sent this way).
Point 2.5 (“In particular cases, there may be reasons to deviate from this policy”) might create controversies and invite abuses of discretion. To mitigate the risk, a list of possible exceptions could be provided (minding to mention that the list is indicative but not exhaustive).
The point concerning “Complaint dismissed prior to investigation” might be perceived as excessively arbitrary. The perceived risk is that the competent entity might purposefully consider that the bases for the complaint are wanting / insufficient so as to brush off certain complaints (to protect some people’s interest that the complaint might undermine). To have specific criteria that define when evidence is wanting might help in this context.
An important cultural aspect to consider for the Italian context is the increasing concern with curbing corruption. When norms (or policies) have too vague a formulation or leave large margins of discretion in their implementation, an alarm bell goes off, as it were, that arbitrary behavior may be encouraged (thus leading to a corrupted use of the norm/policy). I think this is a very country specific risk (which would not apply, to the Swiss context discussed below at all, quite the opposite), but one that could be mitigated by increasing the specificity of some of the formulations.
Legal/Contractual Aspect
The current privacy law may be quite restrictive of the kind of information that could be released and how. I am not a legal expert, but would advise your legal office to consider the current national data protection regulations (Home - Garante privacy en - Garante Privacy). Also there is a national law on whistleblowing which could be taken into account: The Italian Whistleblower Protection Law - WhistleB
Modifications
I think that the text, as it stands, is at traits too vague to be effectively action guiding (see above). To provide some concrete examples (e.g. to name some of the relevant harms that any disclosure should avoid) might be helpful to enhance this aspect.