DLP Insights

The Privacy Authority’s ban on indiscriminate monitoring over the use of the Internet and e-mail by employees

Categories: DLP Insights, Practice

28 Sep 2016

The Privacy Authority, with provision No. 303 dated 13 July 2016 disseminated with the Newsletter No. 419 dated 15 September declared unlawful the processing of data carried out by a university using special software. Specifically, the Privacy Authority noted that the software in question was such as to allow a systematic monitoring of the activity and the use of Internet services individually performed by identifiable individuals; after assessing that the same could not constitute a "work tool", it declared it against the provisions of article 4 of the Workers’ Statute, also in its new wording, lacking in addition a specific authorization by the ministerial bodies. From a different standpoint, the Privacy Authority noted the violation of the principles of lawfulness, relevancy and non-excessive data processing carried out by the university, in addition to the violation of the principle of fairness. This is because the university regulations on the use of the Internet and e-mail was not suitable to provide adequate information to the data subjects pursuant to art. 13 of the Privacy Code. Basically, with this provision, the Privacy Authority reiterated that indiscriminate monitoring on the use of the Internet and e-mail against employees is in conflict with the Privacy Code and with the "new" article 4 of the Workers’ Statute.

More insights