Jei - Jus e Internet

Il primo organo di informazione giuridica su internet per gli operatori del diritto - in linea dal 1996

Prevent and combat cyberbullying: is the current regulatory framework sufficient?

Scritto da Paula Lorenzo Queralt

Over the last decade and as a result of the increased availability of new technologies, cyberbullying has become a global issue affecting more and more young people in most developed countries, where using new electronic technologies is now an inseparable element of society in the age of globalization.

1. What is cyberbullying?

There is no single definition of cyberbullying agreed upon internationally or at European level. However, attempts to define this phenomenon have been made by international organizations, EU institutions and academia.

The European Commission defines cyberbullying as repeated verbal or psychological harassment carried out by an individual or group against others by means of online services and mobile phones. It is generally understood as bullying taking place on the internet.

According to the study on safe habits in the use of ICT by minors published by the INTECO in March 2009, cyberbullying is defined as harassment among peers in the ICT environment, and includes acts of blackmail, humiliation and insults from children to other children.

Despite differences among definitions the following elements have been identified as common features of cyberbullying: the use of electronic or digital means; the intention to cause harm; a sense of anonymity and lack of accountability of abusers as well as the publicity of actions.

2. Which are the means used?

Cyberbullying occurs through electronic communication technologies, such as e-mail, instant messaging, social media, online gaming, or through digital messages or images sent to a cellular phone. Nowadays, cyberbullying is increasingly performed through social networks such as Facebook, Instagram, Twitter, Snapchat, WhatsApp, Tumblr and YouTube.

3. International perspective of cyberbullying

There is agreement at international level that bullying and its manifestations including cyberbullying are forms of psychological and physical violence, which explains why the Article 19 of the UN Convention on the Rights of the Child (UNCRC) establishes that children have the right to be protected from all forms of violence. The Convention has been ratified by all EU Member States which are thus obliged to take all appropriate legislative, administrative, social and educational measures to protect the child from all forms of violence including cyberbullying.

Concerned about the increase in bullying and cyberbullying in different parts of the world, the UN General Assembly adopted in 2014 a Resolution (A/RES/69/158) on protecting children from bullying. Besides highlighting the seriousness of these phenomena and their negative impact on the well-being and rights of the child, the resolution calls Member States to take all appropriate measures to prevent and protect children from the various forms of bullying.

Other important provisions to prevent and combat cyberbullying were adopted by the Council of Europe, such as follows.

3.1 Legally binding measures

The Council of Europe’s European Convention for the Protection of Human Rights and Fundamental Freedoms 1950 (ECHR) protects and promotes key fundamental rights which are also applicable to children and young people.

The European Social Charter is another Council of Europe treaty which guarantees social and economic rights as a complement to the ECHR which refers to civil and political rights. The Charter has been ratified by all EU Member States which are, thus, required to take the necessary steps to fully comply with it. Article 17 (a) of the European Social Charter establishes the protection of children against negligence, violence or exploitation. This is particularly relevant given that bullying and cyberbullying have been recognized as forms of violence.

In addition to the above mentioned instruments, other relevant rules applicable to cyberbullying are worth highlighting. The Budapest Convention on Cybercrime of 2001 and its Additional Protocol deals with crimes committed via the internet and addresses violations of network-security such as the illegal access to a computer system, illegal interception, damaging, deletion, deterioration, alteration or suppression of computer data. It also obliges Member States to establish adequate investigative powers and procedures to tackle cybercrimes.

Moreover, the Convention for the Protection of Individuals regarding Automatic Processing of Personal Data (Strasbourg, 28.1.1981) protects individuals against abuses related to the collection and processing of personal data.

Although the Conventions described above do not mention cyberbullying specifically, it may be classified as a cybercrime falling under the Convention on Cybercrime and may give rise to data protection issues which can be addressed by the Convention on the processing of personal data.

Victims of cyberbullying, if applicable, may also enjoy the protection offered by the Convention on Protection of Children against Sexual Exploitation and Sexual Abuse, which requires Member States, in article 23 to criminalize acts of solicitation of children for sexual purposes through communication technologies.

3.2 Non-legally binding measures

The Council of Europe has adopted the Strategy on the Rights of the Child for 2016-2021 that acknowledges that the digital environment exposes children to harmful content, privacy/data protection issues and other risks, including an excessive exposure to sexualized images. Cyberbullying is recognized as an issue, in fact, children’s own conduct online may harm others and represent a risk to them.

4. Regional legal framework: The EU competence on cyberbullying

Even if the Lisbon Treaty and the EU Charter provide legal grounds for EU action in the area of children’s rights, neither of them confer a competence on the EU as a general policy area, so the EU has only a ‘supplementary’ role consisting of supporting, coordinating or supplementing the initiatives adopted by Member States at domestic level.

The EU competence in this field is based on Article 83 of TFEU, according to which the EU can establish minimum rules concerning the definition of criminal offenses and sanctions in the areas of particularly serious crimes with a cross-border dimension. The areas of serious crimes, as defined by this Article, include computer crimes. Moreover, the EU has the competence to approximate criminal laws if such approximation proves essential to ensure the effective implementation of a Union policy in an area that has been subject to harmonization measures.

Although very few of the 28 EU Member States have adopted legal provisions specific to cyberbullying, cyberbullying may be punished in all Member States under the legal framework for computer related crimes. However, the EU has adopted a range of legal provisions relevant to cyberbullying such as the Directive on victims’ rights[1][] and the Directive on combating child sexual abuse[2].

5. Italy’s legislative framework

On May 29, 2017th, the Italian Parliament approved unanimously the Law n. 71 on protection of minors for the prevention and contraction of the phenomenon of cyberbullying.

This law provides a specific definition of cyberbullying and combines a preventive and reparative approach through the promotion of digital education and the provision of a specific procedure for removing online content that is detrimental to the dignity of the child.

The new procedure allows that a minor over 14 years victim of cyberbullying (or parent) asks the responsible of the website or data owner to obscure, remove or block the harmful content published on the network. In the event that the holder does not provide within 48 hours, the person concerned may apply to the Italian Data Protection Authority, who will have to intervene within the next 48 hours. The law excludes that this procedure applies to access providers, cache providers and search engines.

Under the education profile, each school will have to appoint a teacher, who will be in charge of promoting iniviatives against bullying and cyberbullying. In the implementation of such educational initiatives he should collaborate with police authorities, and the associations present in the territory.

The educational profile is also ensured by the fact that this law remit to the Italian Education Ministry the issuance of prevention and conflict orientation lines, focusing on the training of school staff, the promotion of an active role of students and the prediction measures to support and re-educate the children involved, while the schools are tasked with educating on the legality and conscious use of the Internet.

Finally it was extended to cyberbullying the administrative sanction of admonishment issued by the Police Authority, which was introduced in Italy for the stalking crimes. This sanction consists in an oral warning to stop the harmful conduct that the “questore” gives to the guilty minor and which involves serious consequences such as the increase of the criminal sanction in case of future conviction for related crimes.

The new italian law on cyberbulluying deviated the initial orientation aimed at providing for a specific criminal sanction, given that the majority of practices in which cyberbullying is taking place are already protected by numerous provisions in the penal code. However, it is worth hilighting that there still exist some regulatory gaps.

5. Spain’s legislative framework

Spain is one of the few EU countries that can claim to include specific provisions addressed to cyberbullying in their legislation.

Although it is not defined specifically in the Penal Code, cyberbullying could be covered, given that it includes electronic harassment. According to Article 173 of the Spanish Criminal Code, a fine or imprisonment can be imposed on whoever harasses a person insistently and repeatedly through a range of behaviours seriously altering the daily life of the victim, such as contacting the victim through media. Any attempt of such behaviour is also punishable. The Article establishes aggravating circumstances that may be relevant for cyberbullying, such as if the victim is vulnerable due to his/her age, and if the perpetrator has an emotional connection with, or is related to, the victim.

Spanish authorities have also started positive initiatives to tackle the phenomenon, such as the implementation of early warning systems in schools, with a series of indicators that allow teachers to spot cases and inform parents or guardians[3].


The evolution in recent years of technology, particularly when it comes to apps and social networks, means there is a real need to put an end to this growing phenomenon, because as electronic devices and the media they act as portals for encroach more and more on daily life, more people are likely to be a victim to cyberbullying.

As the above paper assumes, in the EU legislation there is no single legal act that would completely and directly regulate cyber bullying issues. According to huge diversity of cybercrime types, there is no one definition of crime and offences committed in cyberspace. Efficient cooperation between investigation bodies often depends on at least partial unified definitions of cyber bullying, thus the key aim remains the works on harmonization and amending legal regulations of the member states in the area.

[1] Directive 2012/29/EU of the European Parliament and of the Council of 25 October 2012 establishing minimum standards on the rights, support and protection of victims of crime.

[2] Directive 2011/93/EU of the European Parliament and of the Council of 13 December 2011 on combating the sexual abuse and sexual exploitation of children and child pornography. This Directive has been implemented by all Member States considered under this study, except Denmark.

[3] Cyberbullying, prevent and act. Guide of didactic resources for Schools and Education Centers. Available in: