Employee monitoring

21 Dec 2017

More than one and a half years have passed since the entrance into force of the amendments made to Art.4 of the Workers’ Statute and their impact is now beginning to emerge. During this period, there have been interpretations, reversals, decisions and analyses, all of which, today, permit an assessment to be carried out on the advisable measures to take in order to to satisfy the new provision’s requirements. 

What is certain is that the authorities and inspection bodies have already begun to verify the compliance of companies with such requirements. Has the company’s use of video cameras been authorised or agreed to with the trade unions? Does the company have a suitable policy on the use of company management or production software? 

Compliance with Art. 4 has now also become a more pressing matter for companies, considering that the European General Data Protection Regulation (GDPR) - which will replace the Italian Privacy Code - will enter in force on 23rd May 2018. The GDPR is innovative in nature and requires both consideration and some preparatory steps.

In fact, Art. 4 of the Workers’ Statute directly refers to the GDPR: one of the requirements for the legitimate use of data deriving from company tools is the company’s compliance with data privacy obligations. The relationship between the two regulations is an issue from which the majority of legal disputes will arise. 

This matter should not be viewed as lacking in importance, as demonstrated by the fact that the Italian Data Protection Authority has, on numerous occasions, including recently, sanctioned the indiscriminate access (i.e. unregulated ex ante by means of a suitable policy) by employers of email accounts or personal data stored on company smartphones provided to employees.  

In addition, the issue of employee monitoring is now even more current, taking into account that the new law on flexible working (so called “smart working”, on which our firm is already working to provide its clients with innovative solutions), makes express reference to Art. 4 of the Workers’ Statute and provides that any agreement concerning “smart working" solutions must also regulate the monitoring of employees who perform their work outside the Company premises. Lastly, the recent introduction of an obligation for companies to have a whistleblowing system in place poses further difficulties in terms of coordination with Art. 4.  

It is for these reasons that it is advisable for companies to take stock of the situation at this time, even if there still remain some concerns with regard to interpretation of the regulation. 

A little reminder on the reform

Under the amendments made to Art. 4 of the Workers’ Statute, work tools (i.e. tools used by employees to perform their work) are not subject to the obligation of an agreement with the trade unions or to the alternate obligation of an administrative authorisation, even if employee activity may possibly be monitored through such tools. 

On the other hand, companies must still have a prior agreement with the trade unions or acquire specific administrative authorisation for tools and systems used by the company for health & safety reasons, the protection of company assets or the organisation of work.  

However, it is not always easy to distinguish the first type of tools from the latter type. Nevertheless, careful attention should certainly be paid to this issue.

In order for an employer to be able to use any data deriving from the various tools, a company policy on the tools and systems (whether work-related or otherwise) must be drafted and its relationship with data privacy  be considered (regulations and policies). By not doing so, the employers may expose themselves to sanctions which greatly vary in terms of nature and extent (from criminal sanctions to fines for negligence and being banned from using any data deriving from the company system).

So, what must be done in practice? 

First of all, the tools and processes currently in place at the company must be analysed; only a complete picture and an accurate audit of the situation will be able to identify what is required of the company in order to be compliant. 

Then, once the work tools have been identified, they must be regulated.

The lack of an internal regulation on work tools and company systems, as well as on the data deriving therefrom, inevitably poses a danger to the business and management of the company. Not having clear rules in the first place will in any case later render last-minute measures and remedies useless.

Who can I contact for more info?

For further information or an informal discussion of the issue, you can contact Aldo Bottini (sab@toffolettodeluca.it), firm Partner and Head of the firm’s team dedicated to employee monitoring, or your usual contact point within our firm.