Professional Training in Milan (Italy)
4 June 2014
Workplace Privacy (excerpt)
Dr. Andrea Maggipinto, ICT Lawyer
Bar Assoc...
Employer’s Control
Avv. Andrea Maggipinto
Employees are entitled to a reasonable protection of their
privacy in personal a...
Binding principles
Avv. Andrea Maggipinto
The processing must be compliant with data protection
safeguards in pursuance of...
Employer is required to
Avv. Andrea Maggipinto
always provide clear-cut, detailed information on the
appropriate mechanism...
Hardware and Software
Avv. Andrea Maggipinto
It is not permitted to process data by means
of hardware and software systems...
Compliance
Employers may lawfully avail themselves of systems that
allow distance controls to be carried out indirectly (s...
Distance monitoring
The Italian Data Protection Authority established that
equipment intended for distance monitoring is
f...
Unintentional control
The employer must respect his employees' dignity and
freedom with particular regard to the prohibiti...
Lawfully Data Processing
Employers may lawfully process personal, non-sensitive
data if the following applies:
(i) if the ...
Employees’ e-mail
There are restrictions for the Company viewing and
accessing of employee email.
As regards the use of em...
Dr. Andrea Maggipinto, ICT Lawyer
andrea.maggipinto@gmail.com
W W W . M A G G I P I N T O . O R G
Via Caradosso n. 7
20123...
Upcoming SlideShare
Loading in …5
×

Workplace Privacy (excerpt)

319 views
254 views

Published on

Employees are entitled to a reasonable protection of their
privacy in personal and professional relationships alike. But what about the Employer’s Control?
NEW EMAIL ACCOUNT: AVVOCATO@MAGGIPINTO.EU

Published in: Law, Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
319
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Workplace Privacy (excerpt)

  1. 1. Professional Training in Milan (Italy) 4 June 2014 Workplace Privacy (excerpt) Dr. Andrea Maggipinto, ICT Lawyer Bar Association of Milan
  2. 2. Employer’s Control Avv. Andrea Maggipinto Employees are entitled to a reasonable protection of their privacy in personal and professional relationships alike (see Italian Constitution, and the Italian Data Protection Code: the so called “Privacy Code” - D.Lgs. 169/2003) ensuring that data subjects' rights, fundamental freedoms and dignity are protected also in the workplace limitations under local laws (Italy)
  3. 3. Binding principles Avv. Andrea Maggipinto The processing must be compliant with data protection safeguards in pursuance of the following binding principles: (i) necessity: information systems and software must be configured by minimizing use of personal and/or identification data in view of the purposes to be achieved (article 3 of the Privacy Code); (ii) fairness: the fundamental features of the processing must be disclosed to employees (article 11 of the Privacy Code), so they can be aware and fully informed thereof; (iii) the processing must be carried out for specific, explicit and legitimate purposes in compliance with relevance and non-excessiveness principles (article 11 of the Privacy Code).
  4. 4. Employer is required to Avv. Andrea Maggipinto always provide clear-cut, detailed information on the appropriate mechanisms of use applying to the equipment that is made available as well as on whether, to what extent, and how controls are carried out (it is appropriate to issue internal guidelines); always inform employees in advance and unambiguously about any processing operations that may concern them in connection with possible controls, according to article 13 of the Privacy Code (the so called “Information Notice”).
  5. 5. Hardware and Software Avv. Andrea Maggipinto It is not permitted to process data by means of hardware and software systems that are intended to carry out distance controls (at times in a very detailed manner) in order to keep track of employees' activities.
  6. 6. Compliance Employers may lawfully avail themselves of systems that allow distance controls to be carried out indirectly (so called “unintentional controls”) in compliance with article 4 of the Act no. 300/1970 (so called “Workers' Statute”). In fact, data protection Italian legislation must be applied jointly with sector-related rules concerning labor law (in particular, article 4 of the Workers' Statute regarding the so called “distance monitoring”). Avv. Andrea Maggipinto
  7. 7. Distance monitoring The Italian Data Protection Authority established that equipment intended for distance monitoring is forbidden, for instance: the systematic scanning and recording of email messages and/or the respective external data apart from what is technically necessary to provide email services; the reproduction and systematic storage of the web pages visited by employees; keystroke pattern analysis and recording devices; the hidden monitoring/analysis of laptops entrusted to individual employees. Avv. Andrea Maggipinto
  8. 8. Unintentional control The employer must respect his employees' dignity and freedom with particular regard to the prohibition against deploying "equipment for the purpose of controlling employees' activities from a distance" – which unquestionably includes hardware and software equipment intended to control the users of electronic communications systems. However, if potential criminal activities were detected through indirect and “unintentional controls”, this information could be used against the employee according to local laws. Avv. Andrea Maggipinto
  9. 9. Lawfully Data Processing Employers may lawfully process personal, non-sensitive data if the following applies: (i) if the circumstances are such as to warrant the legitimate establishment of a judicial claim; (ii) if the data subject has given his/her free consent thereto in a valid manner; (iii) without the data subject's consent only in pursuance of a decision that establishes a legitimate interest in processing the data in question as per the legislation concerning the so-called balancing of interests (see article 24). Avv. Andrea Maggipinto
  10. 10. Employees’ e-mail There are restrictions for the Company viewing and accessing of employee email. As regards the use of emails in the employment context and by having regard to the outward appearance of email addresses in the individual cases, in the absence of specific policies, the employee may legitimately expect certain types of communication to be kept confidential. So it is strongly recommended to establish company policy and procedure to control employee emails. Avv. Andrea Maggipinto
  11. 11. Dr. Andrea Maggipinto, ICT Lawyer andrea.maggipinto@gmail.com W W W . M A G G I P I N T O . O R G Via Caradosso n. 7 20123 Milan (Italy) T: +39 02 48102313 F: +39 02 48102321 it.linkedin.com/in/ andreamaggipinto @amaggipinto

×