With its Decision No. 441 of 29 May 2018, the Data Protection Authority has admitted the possibility of personal data processing through a geographic positioning system installed on tablets and smartphones given to the employees of a company that renders private security guard and money & valuables transport services. The above provided that the company adopts a series of necessary measures, amongst which one may find: (a) the system configuration in such a way that (i) an icon is placed on the device showing that the localisation features is active, (ii) the deactivation of the localisation feature is allowed during the breaks granted from the respective jobs, and (iii) it is possible to black out the visibility of the geographic position, after a certain period of inactivity of the operator on the screen at the operations centre; (b) the identification of the time during which the data actually processed will be kept, by taking into account the pursued aims; (c) the appointment of the software supplier as outside data processor. Furthermore, the security guards will not have to be directly identified by the system and the access in real time to the localisation data made by the authorised staff from the operations centre will only be foreseen in case of need and emergency. In short, in order for geographic positioning systems to be lawful, the latter must not entail the tracking of staff and, therefore, the employer must not use them to observe the movements of employees.
