Rocco Panetta

Practice Areas

Rocco Panetta is the Chairman of Panetta Consulting Group and Managing Partner at PANETTA Law Firm. He previously served as a senior executive at the Italian Data Protection Authority. Recognised nationally and internationally as a leading expert in technology law, data governance, and AI strategy, he has played a pivotal role in shaping legal frameworks in these fields.

In 2023, he was dubbed the “AI Lawyer” for representing major international companies in landmark proceedings before the Italian Data Protection Authority, which were the world’s first cases on Generative AI.

Since founding his firm, he has held numerous key positions across multiple sectors, including:

• Data Protection and AI Compliance;

• Information Technology (IT) and Telecommunications (e.g., outsourcing, internet, e-commerce);

• Cybersecurity, Forensic Investigations, and Cloud Computing.

As a Data Protection Officer (DPO) since 2018 and Consultant since 2008, he has advised both public and private entities across multiple industries, including:

• Technology & Artificial Intelligence;

• Luxury;

• TMT (Technology, Media, and Telecommunications);

• Health;

• Banking & Finance;

• Energy;

• Insurance;

• Food Retail.

Professional Memberships

Rocco Panetta is a certified CIPP/E, Uniter, and TUV professional, he currently serves as the Country Leader for Italy at the IAPP and is a former member of the IAPP Board of Directors.

Publications

Author of over 150 publications, including monographs, legal codes, and editorial series, his insights are regularly featured in Il Sole 24 Ore, Agenda Digitale, Repubblica, and Corriere delle Comunicazioni.

MAIN PUBLICATIONS

CODES:

Codice delle Energie Rinnovabili e dell’Efficienza Energetica, 2010, Edizioni Ambiente, Milano;

2005 Codice Privacy.

BOOKS:

2024 “The AI Act: A compass for approaching legislation with innovative and disruptive effects”, Journal of Data Protection & Privacy, Henry Stewart Publications, vol. 6(4), p. 318-331;

2021 Il Data Protection Officer tra Regole e Prassi, Giuffrè, Milano;

2019 Circolazione e Protezione dei Dati Personali, tra libertà e regole del mercato, Giuffrè, Milano;

2006 Libera circolazione e protezione dei dati personali II Volumi, Giuffrè, Milano;

2003 Il danno ambientale, Giappichelli, Torino;

2002 Le modifiche alla normativa in tema di privacy. Commentario al d.lgs. n. 467/2001 in tema di privacy e protezione dei dati personali – New Rules on Privacy in Italy, published by La Tribuna, Piacenza;

2024 Commerciabilità dei dati personali. Profili economici, giuridici, etici della monetizzazione, il Mulino, Bologna;

2023 Il telemarketing, tra evoluzione tecnologica e protezione dei dati personali. Tra evoluzione tecnologica e protezione dei dati personali, Aracne, Roma;

2020 Privacy 2030, pubblicato dal Garante per la protezione dei dati personali e IAPP;

2005 Ambiente – Profili civili (voce), in Gli interessi protetti nella responsabilità civile, The Environment – Civil issues, published by UTET, Torino;

2004 In margine all’art. 125 del d.lgs. n. 196/2003 – Art. 125 del D. Lgs. N. 196/2003, a chapter of Codice della Privacy, published by Giuffrè, Milano;

2004 Il danno all’ambiente – The Environmental Damage, a chapter of Persona e Danno, published by Giuffrè, Milano;

2003 Note critiche in tema di responsabilità extracontrattuale tra legge n. 675/1996 e d.lgs. n. 196/2003 – Notes on Civil Liability under Law no. 675/1996 and Legislative Decree no. 196/2003, in Rivista Critica del Diritto Privato, Jovene, Napoli;

2001 Le compromissioni ambientali – Environmental Damages, a chapter of Trattato Breve dei Nuovi Danni, published by CEDAM, Padova, Italy;

1999 In margine all’art. 7 del D.lgs. n. 171/98 “Chiamate di disturbo” - On Section 7 of the Legislative Decree no. 171/98, published in Privacy e Telecomunicazioni, by Jovene, Napoli, Italy;

1999 La circolazione delle informazioni economiche - Processing and Circulation of Economic Information, published in Privacy, by CEDAM, Padova, Italy.

Languages Spoken

• Italian: Native

• English: Fluent (writing and speaking)

• French: Intermediate (writing and speaking)

Experience

He has held several prestigious institutional roles, including: 1) Italian Data Protection Authority (2001–2008): Led departments overseeing public service concessionaires, marketing, regulatory simplifications, and international data transfers. Represented Italy at the European Commission and the Council on matters such as BCR, SCC, SH, APIS/PNR, and IMI; 2) Legal Advisor: Served as Legal Advisor to the Head of Cabinet at the Ministry of the Environment (2006–2009) and later as Legal Advisor to the Secretary General of the Office of the Prime Minister (2014–2017); 3) Member of the European Data Protection Board’s external consultancy pool and an Ethics Expert for the European Research Council Executive Agency (ERCEA) since 2018; Additionally, he was the first Secretary General of the Technical Commission for Environmental Impact Assessment (VIA and VAS Commission) and a member from 2007 to 2012.

Rocco Panetta has extensive academic experience, having taught at Italian and international universities, including:

• La Sapienza University (Rome);

• Roma Tre University (Rome);

• Warwick University (UK);

• Southern Methodist University (Dallas, USA);

• London School of Economics (UK).

He is currently an adjunct professor at:

• The Master in Cybersecurity at LUISS University (Rome);

• The DPO Specialisation Course at Suor Orsola Benincasa University (Naples).

Previously, he coordinated the Master in New Technology Law and European Private Law at La Sapienza University and was a researcher at the Fondazione Basso (Rome).

As a speaker and coordinator of various postgraduate courses, masters, and conferences, he frequently delivers lectures on Data Protection, Artificial Intelligence, Energy and Environment, Telecommunications, and Information Technology.

Expert in these Jurisdictions

Italy and European Union

Awards