As of May 8 1997, data protection rules have been in force under the provisions of Law No. 675 of December 31 1996 which enacted EU Directive No. 9 of March 11 1996. Varying levels of protection for personal data are contemplated and the Authority responsible recently criticized Banca Nazionale del Lavoro (BNL) because the forms used by BNL to obtain customers' consent breached the provisions of Law 675. The Authority considered BNL's forms too vague and general and in its opinion the bank's customers would be unlikely to be clear about how and for what purposes their personal data was being collated. The Authority invited BNL to modify the forms sent to customers particularly in view of the fact that refusal by customers to give BNL their consent would have meant the automatic termination of their contractual relationship with BNL and the immediate suspension by the bank of all transactions.