The debate on the remote monitoring of employees through electronic devices that are potentially suitable for checking their performance and invading their privacy is back in the spotlight.
A leading international company ‒ which also operates in Italy ‒ has recently made the news because it has apparently developed an electronic device for optimizing work that, however, would at the same time make it possible to monitor performance and to connect it to a specific worker, with all the consequences that this circumstance could entail in terms of confidentiality.
Even though neither the exact characteristics of this device, nor the use that would be made of any data possibly collected through it are yet known, several objections have already been raised, among many others, with reference to the challenges that such device could entail for the Italian Privacy Law.
Within what limits could the employer make use of technology that would be useful for business purposes but would also very likely affect the worker’s personal environment?
At present the Italian Privacy Code provides for some legitimate interests of the data controller (in this case the employer) which may override the confidentiality of the data subject (i.e. the employee). Indeed, the reference made by Legislative Decree No. 196/2003 to Article 4 of Law No. 300/1970 implies that, under certain conditions, the employer may use devices that are potentially suitable for monitoring the emplyee’s activity, as long as they are used either for productive and organizational purposes, for workplace safety, for the protection of the company’s assets, for recording accesses or attendance, or for performing work. Any information thus collected may be used for purposes related to the employment relationship, provided that the processing of such data is carried out in compliance with the provisions of the Privacy Code.
Therefore at present, in the opinion of the writer, in order to solve the matter the starting point should be at least the purpose for which the use of the technological device is intended for each activity, since the privacy issue comes in only at a later stage to assess the lawfulness and correctness of any processing that was already given full legitimacy by Labour Law.
However, it should be taken into account that the above described framework may change shortly, in particular following the final application of EU Regulation No. 679/2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, expected for 25th May 2018.
The balancing of the opposing and legitimate interests of the data controller and of the data subject is in fact a principle that remains in the new Regulation and becomes even more relevant as compared to the Privacy Code as it seems to give the employer (as data controller of his employees) the full responsibility, and therefore also the right to independently assess the cases in which he can proceed to a legitimate processing of personal data since there is an overriding interest on his side with respect to the rights of the data subjects (i.e. the employees).
However, the same Regulation leaves to the Member States the option of providing for more specific internal rules to ensure the protection of the rights that are inherent in the processing of employees’ personal data so that, in this transitional context, it is clear that currently it is not possible to predict who will be the winner of the conflict between entrepreneurial freedom and right to privacy.
We should bear in mind that the evolution of technology, and consequently the movement of data, is a process that is obviously unstoppable and that the law, including that relating to the protection of personal data, should be the tool for regulating such phenomenon, rather than the means to stop it.
Indeed this seems to be the philosophy of the new Privacy Regulation that right from its title shows the purpose of protecting not only natural persons but also the free movement of data.
(Valentina Saviotti – valentina.saviotti@studiozunarelli.com)
