The long debated Italian reform of labour law has at last come into effect.
Following the publication on the Official Gazette, on Sept. 23, 2015, of the four legislative decrees implementing the powers granted to the Italian government by means of Law no. 183/2014 (so-called Jobs Act), the much anticipated renewal of the labour market framework has finally been completed.
Under a data protection compliance perspective, the main provisions have been introduced by Article 23 of Legislative Decree no. 151/2015, which amended Article 4 of Law no. 300/1970 (the Italian Workers’ Statute) governing the equipment and systems for the remote monitoring of the employees’ work activities.
Such new rules, negotiated by the government and the Parliament, together with the Italian data protection Authority, for so long, led the national unions to kick up a fuss and talk about “liberalization” of espionage in the workplace.
The Ministry of Labour has repeatedly defended the spirit and content of the reform, by also issuing public statements with a view toward clarifying the main provisions introduced by the government.
The truth, as always in these cases, lies somewhere in the middle.
Some of the amendments indeed pave the way for an easier and wider installation of some type of tools for the (potential) control of employees, but others enhance (or maybe, confirm) the level of protection of their privacy.
Confusion often stems from the lack of knowledge of these sensitive matters.
By way of example, the elimination of the prohibition to install audio-visual equipment or other systems allowing, inter alia, for the monitoring of employees’ work activities — which according to many commentators opens the door to a sort of mass surveillance on the workplace — is indeed just a window dressing.
The wording of Article 4 has in fact been changed by removing the formal “ban," but the substance of the rules — and so the obligations to be met by the employer — remain unchanged.
Remote monitoring systems and equipment may still be used only after an ad hoc agreement has been signed with the union representatives (if any) or a specific authorization has been issued by the competent local labour authorities (i.e. Direzioni Territoriali del Lavoro).
As under the “old” regime, thus, the installation of these type of instruments must be preceded by an accurate “screening” phase.
The true innovation, in this respect, rather regards the widening of the purposes legitimizing the use of such equipment that may now be put in place not only for organizational and production needs and workplace security reasons, but also to safeguard the company’s assets.
So we come to the most debated innovation laid down by the reform, i.e. the exclusion from the above requirements of all the tools used by the employees to carry out their work activities.
Here, again, the chance for the company to secretly spy on its employees? Not at all.
As clarified by the Ministry of Labour, the union agreement or the administrative authorization are not needed if, and to the exclusive extent that, the instrument may be considered as a means that is really necessary for the employee to fulfill their work obligations. Accordingly, when such a tool is modified to control the employees (for example, by embedding localization or filtering software), the above exemption simply does not apply, and such “changes” may take place only under the conditions mentioned above: the recurrence of special needs, the union agreement or the authorization.
Nothing seems to have changed, then. As before, the use of tools that can allow a remote control of employees continues to require a formal green light from union or labour authorities.
The real change lies in the express exclusion from any approval requirement of access and attendance control systems, which were previously covered by the union screening obligation.
There’s an ambiguity, however, that is likely to create a dangerous confusion in terms of compliance by data controllers.
The broad wording of par. 2 of the amended Article 4, in fact, unavoidably raises the question as to what instruments may be considered as really “necessary” to the employee for job performance and as to whether such a provision shall apply to the tools which, although provided by the company, are only indirectly related to the employees’ work activity (think about the often-needed GPS systems installed on company vehicles used by truck drivers).
The Italian data protection authority is thus called to clarify the point, as well as many other aspects of the new legislation, so to avoid any misinterpretation by market players.
Finally, the last paragraph of new Article 4 clearly states that the personal data collected by means of remote monitoring systems may be lawfully processed only if, on the one hand, the employees have been informed in detail in respect of how such tools are used and controls are carried out by the company and, on the other hand, full compliance is ensured by the employer with the Italian Personal Data Protection Code (and with all the relevant resolutions of the Garante).
Therefore, the true impacts of the reform on privacy are rather limited.
Just smoke in a mirror, in effect.
If you want to comment on this post, you need to login.