In its judgment no. 500/2025, the Court of Appeal of Bologna, on 13 October 2025, provides an important analysis of the principles governing challenges to multiple dismissals served on the same employee, with a specific focus on the distinction between “subsequent” and “simultaneous” dismissals and the resulting procedural implications. The Court, upholding the first-instance decision, rejected the employee’s appeal and reiterated that the failure to challenge one of the two dismissals in court makes that dismissal final, thereby eliminating any standing to sue (i.e. “interesse ad agire”) in relation to the other.
The case originated from two dismissals for just cause served on a branch manager. The employer had contested two separate disciplinary charges: the first concerning unauthorised absences, and the second concerning irregular use of the company fuel card. At the end of the two disciplinary proceedings, the employer issued two separate dismissal letters, one for each charge. Both letters were received by the employee at the same time.
The employee challenged both dismissals out of court with a single notice, but subsequently brought judicial proceedings only against the first dismissal, and not against the second.
The first-instance court dismissed the claim for “lack of concrete standing to sue”. The Tribunal reasoned that even if the challenged dismissal were found unlawful, the employment relationship would still be deemed terminated due to the second dismissal, which – having not been challenged in court – had become valid, effective, and capable of producing its effects.
The employee appealed the first-instance judgment, raising three grounds of appeal. The core of his defence lay in the first ground, in which he challenged the finding of lack of standing. The appellant argued that the two dismissals, although sent on the same day, had been issued at different times (3:15 p.m. and 3:17 p.m.), thus constituting so-called “successive dismissals”.
Relying on Italian Supreme Court case law (judgments no. 106/2013, no. 1244/2011, and no. 2274/2024), he argued that the second dismissal should be considered tamquam non esset, as it was based on facts already known to the employer at the time of the first dismissal. Therefore, the second dismissal was non-existent, and his interest in obtaining a ruling on the unlawfulness of the first dismissal should be recognised. In the remaining grounds of appeal, he reiterated his arguments on the merits, contesting the factual basis of the alleged unauthorised absences and seeking reinstatement.
The Court of Appeal dismissed the appeal in its entirety, holding the first ground unfounded and the others absorbed. The decision rests on a careful analysis of the legal nature of dismissals and the moment at which they take effect.
The central issue in the judgment is the classification of the two dismissals as simultaneous, rather than subsequent.
The Court clarified that the case law on “successive dismissals”, invoked by the appellant, does not apply, as it concerns dismissals served at different and subsequent points in time. To establish simultaneity, the panel identified the legally relevant moment not in the date or time of dispatch of the letters, but in the moment of their receipt by the employee. As dismissals are unilateral receptive acts, their effectiveness depends on when they enter the employee’s sphere of knowledge.
The Court emphasised that: “…this conclusion follows from the fact that the two dismissals affecting the present appellant – although distinct – must be considered simultaneous, and the principles set out in the Supreme Court case law relied upon by the appellant […] cannot apply, as they concern cases of dismissals that are subsequent to one another (so-called ‘successive dismissals’).”
The Court also highlighted that the employee’s own out-of-court challenge, which referred to both dismissals with a single date (28 June 2023) and without distinguishing the time of receipt, further confirmed their simultaneous nature.
On this basis, the Court upheld the correctness of the first-instance judgment. Since the second dismissal (concerning the fuel card) was not challenged in court within the 180-day statutory limitation period, it became final and fully effective in terminating the employment relationship.
This rendered any ruling on the lawfulness of the first dismissal irrelevant. Even if the first dismissal were declared null or unlawful, the employment relationship would in any event be considered terminated by the second dismissal, which had become definitive due to the lack of judicial challenge. Accordingly, the employee no longer had any concrete and current interest in obtaining a judgment on the first dismissal, thus justifying the procedural dismissal of the claim.
With judgment no. 28365 of 27 October 2025, the Italian Supreme Court – Labor Division – addressed the balance between an employer’s monitoring powers and employees’ rights to data protection and privacy. The Italian Supreme Court confirmed the legitimacy of a dismissal for just cause imposed on an employee who had disclosed personal data, information, and company documents. The disciplinary charges were based on findings emerging from checks carried out by the employer on the company laptop assigned to the employee.
The Court of Appeal held that the employer’s activity complied with Article 4 of Italian Law no. 300/1970 (i.e. “Statuto dei lavoratori”), as the company had demonstrated that adequate prior information had been provided to the employee “through dissemination of the corporate policy governing the use of IT equipment”. According to that policy, “the employer informed […] employees of the possibility of carrying out checks and inspections in the event of detected anomalies, in compliance with the applicable legislation, reserving the right, where non-compliant conduct was identified, to apply the contractual provisions governing disciplinary measures”.
The Italian Supreme Court agreed, stating that the employer had fulfilled the requirements of Article 4 of Law no. 300/1970 by providing employees with prior and adequate information regarding the possibility of carrying out checks on company IT tools.
The consequences for employers are twofold. On the one hand, the company risks exposure to significant sanctions under data protection law for unlawful processing of personal data. On the other hand, any information collected in breach of the law becomes entirely unusable for all purposes connected with the employment relationship, including the possibility of grounding disciplinary action on such evidence.
With judgment no. 29341 of November 6, 2025, the Italian Supreme Court, Labor Division, confirmed the legitimacy of the disciplinary dismissal imposed on an employee who refused to report for work at her new place of assignment, reiterating that an employee’s refusal to perform their duties – even when the transfer is disputed. must comply with the principles of fairness and good faith set out in Article 1460, paragraph 2, of the Italian Civil Code.
In the case at hand, the employee, who had been transferred following the closure of her original workplace, was absent from work for several days, refusing to report to the new location and justifying her absence by claiming family difficulties and the alleged unlawfulness of the transfer. The company, deeming her conduct unjustified, imposed disciplinary dismissal.
The Court of Appeal of Rome, confirming the first-instance decision, considered the dismissal lawful. It found that the organizational needs underlying the transfer were documented and uncontested, as the employer no longer had any operational site in the employee’s previous city. The employee, although claiming that she was materially unable to relocate due to family issues, had never provided concrete details regarding such impediments.
The Italian Supreme Court, dismissing the employee’s appeal, reiterated that the unlawfulness of an employer’s decision does not automatically justify the employee’s refusal to perform their work duties, unless such refusal is necessary to avoid serious and immediate harm to the employee’s fundamental rights. Good faith must be assessed on a case-by-case basis, taking into account the seriousness of the employer’s breach, the employee’s personal and family circumstances, and the impact of the refusal on the company’s organization.
In this case, the Court upheld the assessment of the lower courts. A refusal is justifiable only when there is serious and immediate prejudice to the worker’s fundamental rights, to be evaluated according to the principles of proportionality and good faith.
In the absence of such conditions, as in the present case,the employee’s conduct constitutes a disciplinary breach and justifies dismissal.
In judgment no. 28365 of 27 October 2025, the Court of Cassation, Labour Section, upheld the legitimacy of the disciplinary dismissal imposed on an employee for the unlawful use of company IT tools. The Supreme Court confirmed the full legitimacy of the employer’s monitoring, as it was carried out in compliance with company policies properly communicated to employees.
The case originated from the summary dismissal imposed in 2021 by the company on an employee responsible for commercial management activities.
The disciplinary measure was based on findings, following IT audits, of repeated unauthorized access to company systems and the transmission to external parties of a large number of files containing clients’ sensitive data.
The employee challenged the dismissal, disputing the legitimacy of the monitoring and claiming that the company laptop subject to the checks was his personal property at the time the data were extracted, and that the inspection activities were in violation of privacy laws and Article 4 of the Workers’ Statute.
The Court of Appeal of Campobasso rejected the appeal, considering the dismissal fully legitimate. The company had demonstrated that the computer was still company property at the time of the checks and that the monitoring had been carried out in compliance with the internal policy, previously communicated to employees, which clearly outlined the purposes, methods, and limits of IT monitoring, as well as the possibility of using the collected data for disciplinary purposes in case of violations.
Read the full version published on Norme & Tributi Plus Diritto de Il Sole 24 ore.
The Spanish Data Protection Authority (i.e. “AEPD”) initiated sanction proceedings against a Spanish company belonging to an international group, following a complaint filed by a former employee.
The employee alleged that the company had added her personal mobile phone number to a corporate WhatsApp group, without her consent, for work-related purposes while waiting to receive a company phone – which she never actually received. Before taking a holiday, the employee had expressly notified the company by email that she would stop using her private number for work matters and had left the corporate WhatsApp group. However, only a few days later, her number was added again to a company group chat. The company argued that the inclusion was temporary, pending delivery of the business phone, and that WhatsApp groups were used solely for internal work communications among employees.
The AEPD, however, found that the use of the employee’s personal number without consent violated Article 6, paragraph 1, of the GDPR, which requires a lawful basis for any processing of personal data.
The Spanish Authority recalled that a personal mobile phone number is a personal data item, and that its use to include an employee in a corporate messaging group constitutes data processing which must rely on one of the legal bases set out in Article 6, paragraph 1, of the GDPR.
In the case under review, there was no consent from the data subject, nor any contractual necessity or other legitimate ground for processing. Moreover, the Spanish Authority stated that the existence of an internal company policy on the use of mobile devices does not exempt the employer from the obligation to establish a proper legal basis for processing.
The company was therefore fined €70,000, reduced to €42,000 after it acknowledged the violation and opted to pay the reduced amount. The AEPD also ordered the company to adopt corrective measures to ensure future compliance with the GDPR.
BYOD (Bring Your Own Device) policies are corporate rules governing the use of personal devices – such as smartphones, laptops, or tablets – for work-related purposes.
In practice, a BYOD policy sets out how employees may use their personal devices to access corporate data, emails, or applications, and defines the relevant security measures.
It is always preferable for companies to provide corporate devices and maintain a clear separation between personal and business tools. However, if the employer decides to allow employees to use personal devices for business purposes, a documented internal policy should be adopted, regulating:
Other related insights:
