A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Published 11 abril 2017
The Italian DPA (the "Garante") issued an order against a multinational corporation (the "Employer") prohibiting the processing of data acquired through indiscriminate monitoring of the e-mail account and smartphone given to the employee for the performance of their work activities (the "Decision"). Amongst other things, the Employer accessed the employee’s e-mails systematically through the mail server to check their contents.
Italian privacy law forbids remote controlling, or controlling through automated means, of employees’ work activities unless:
Those provisions do not apply however to “instruments necessary for carrying out work activities”, because the information gathered through these instruments may be required for disciplinary purposes. However, it is still necessary to comply with privacy law and it is mandatory to fully inform employees by giving detailed information prior to such (potential) monitoring (as set out in Article 4 of Law N. 300/1970 – “Worker’s Statute” as modified by Legislative Decree N. 151/ 2015).
The Garante clarified that a device is to be regarded as “necessary for carrying out the work activities” only if it is “strictly functional to the work performance” (for instance: a personal computer or a personal work e-mail account).
Similar to the approach of the Garante, the Labor Ministry specified in its Circular Letter N. 2/2016 that GPS devices mounted on company cars are not to be regarded as instruments necessary for work. In addition, such GPS devices are required to be lawful either via an agreement with the trade unions or an authorisation of the Labor Office. The Ministry clarified that only devices that are “essential for the carrying out of work” are exempted from those requirements.
The Garante also reiterated the principles already set out in its guidelines (Deliberation of March 1, 2007) (the "Guidelines") on the usage of e-mail and internet in the work place, that must be followed in addition to the above mentioned requirements and provide that, amongst other things:
Aside from the sanctions that can be applied for violation of Italian privacy law, and the liability for any damage caused, any data acquired outside the above mentioned provisions cannot be used against the employee.
Following the decision organisations are advised to check:
A report published by the Garante in its newsletter about the Decision can be accessed here (Italian).
The Labor Ministry's Circular Letter N. 2/2016 can be accessed here (Italian).
The Guidelines can be accessed here (Italian).
Submitted by Aldo Feliciani of Studio Legale Bonora e Associati – Milan, Italy
Sally Roff, Stefan Desbordes
David Williams, Peter Allchorne, Barrie Hall
Clare Hughes-Williams, Catrin Davies, Naomi Park, Sophie Ruffles
Emma Fuller, Jade Batstone, Daniel Miller
Sally Roff, Chris Baranowski
Charlotte Le Maire
Andrés Amunátegui Echeverría, Sascha Stullenberg
Peter Allchorne, David Williams
Richard Highley, Julian Bubb Humfryes
Mark Roach, Rebecca Austin
David Williams, David Johnson
Sara May, Mark Ashley, Liam Riley