Privacy and the working relationship. The European Supervisory Authority Guidelines

Privacy and the working relationship. The European Supervisory Authority Guidelines

By Damiana Lesce, Valeria De Lucia and Paola Lonigro

Under article n. 267 of June 15, 2017, of the Italian Personal Data Protection Authority rejected  the request of an employer, aimed at processing the  personal data  of employees in compliance with the terms of  a commercial contract, whereby the employer undertook to notify to its clients the name of its employees with criminal records.

May 2018 is getting closer and, since September, companies and public administrations will have to comply with the Privacy Policy. In this regard, we recommend the Opinion on Data Processing at Work 2 / 17- 8 June 2017 – Article 29 Data Protection Working Party of European  Data Protection Agencies summarizing the fundamental principles for the treatment of sensitive data:

RIGHT TO RESPECT PERSONAL LIFE, THE LIBERTY AND DIGNITY OF THE WORKER. Every worker has the right for his private life, freedom and dignity to be respected; every worker must be adequately informed about how to treat personal data in a clear, simple and exhaustive manner.

BALANCE BETWEEN CONTROL AND PURPOSE. Each treatment must be proportionate to the purpose pursued and the use of personal data as limited as possible. For example, geolocation tools can be used strictly for business purposes and the worker there must be possibility to disable the locator.

EMAIL AND INTERNET CONTROLS. It is legitimate to introduce tools and technologies to reduce the risks of computer attacks and the spread of confidential information, but you cannot spy on employees’ mail or their internet browsing.

SOCIAL NETWORK. Any consultation or monitoring of social networks should be limited to professional status, excluding the private lives of employees or candidates for recruitment.

PRIVATE SPACE OFFER ON COMPOUNDS AND CLOUD SERVICES. To encourage the correct use of corporate tools and policies while respecting the privacy of employees,  Data Protection Officer invite employers to dedicate, for example, WIFI connection areas and to define reserved spaces on computers and smartphones, cloud and e-mail, where documents can be stored or personal communications can be made which are not accessible to the employer except in absolutely exceptional cases.

WORKERS’ CONSENT IS NOT SUFFICIENT TO LEGITIMIZE TREATMENT. To be considered valid, consent to treatment, must be voluntary. Therefore, it will not be enough for companies and public entities to acquire employee consent for the processing of their data. Data Protection Officer suggest resorting to common normative or contractual arrangements in a balance-of-arms relationship with workers’ rights and freedoms. Apart from being voluntary, the consent must of course be informed. Once again then, corporate policies remain and will be important.

0

Related Posts

Commitment and Engagement: New…

There has been much discussion in recent months about the Great Resignation phenomenon  which has revealed a constant increase in resignations in many sectors, including in the Italian labour market.…
Read more

The importance of the…

Mariapaola Rovetta Lawyer The company Code of Ethics governs many aspects of company life. The rules included in it have the purpose of guaranteeing values ??such as equality, fairness, confidentiality,…
Read more

New Applications for Remote…

by Federico Manfredi and Rebecca Pala Remote working has revealed itself to be a revolution in the methods of execution and management of the employment relationship, destined to stabilize on…
Read more