Italian Data Protection Law ( Update) – The Employer is authorized to control on employees’ personal computer, but in compliance with specific rules

The employer cannot control the content of an employee’s PC without having previously informed employees of such possibility and without full respect for the freedom and dignity of the employee. This was the decision on the appeal of the Italian Data Protection Authority (DPA) filed by an employee who was terminated without notice by his employer. The man addressed both the ordinary courts to challenge the merits of the charge and his dismissal, and the DPA to oppose the way in which the company acquired and processed his data.
The DPA found out that the documents on the basis of which the employer based his decision were contained in a personal folder of the laptop assigned to the employee. The company had access to the data when the employee provided his laptop for the periodic backup operations. Contrary to what stated by the company, it does not appear, however, that the employer had been previously informed about the limits of usage of the device, nor about the possibility that analysis and verification operations could take place on the information contained on the computer itself.

The DPA reiterated that the employer can carry out targeted checks in order to verify the effective and proper fulfillment of the employees’ job performance and, if necessary, the proper use of the tools provided.
This activity, however, can only be performed while respecting the freedom and dignity of workers and the legislation on protection of personal data, which provides, inter alia, that the person concerned must always be given appropriate information on the possible processing of his data in case of verification and control operations. The DPA therefore prohibited to the employer any further use of the personal information acquired.

Aurelio Lonigo

Carlo Scarpa

Advertisements