After approval issued by the Privacy Authority, businesses may install an “app” on the smartphones of their staff to record the start and end of the work shift. What are the regulatory principles of such remote supervisory tools which, while practical for corporate efficiency, may affect the right to employee’s privacy? The monitoring app may store only data related to the location of work as well as the date and time of “virtual stamping”, but they cannot store the exact location of the employee. For the protection of the employees, in addition, the time-stamping app must be configured in such a way to prevent the processing, even if accidental, of other personal data contained in the device owned by the employee. In addition, employees must be adequately and fully informed about the type of data, purpose and methods of the processing, storage times, optional nature of the provision, and the persons responsible or in charge of the processing. The companies shall also ensure implementation of the security measures necessary to preserve data integrity and to prevent access to unauthorized persons. The judgment of the Privacy Authority contributes to develop the concept of “privacy by design”, balancing the interests of corporate efficiency and the protection of workers’ privacy.
