The new Italian Jobs Act provisions open new opportunities for the usage of Internet of Things technologies aimed at monitoring employees in their working activity.
We covered this issue in a previous post, but since the law has now been approved with some relevant changes, it is important to address the issue again. Also, we ran a presentation on the Internet of Things after the Jobs Act (available here) recently.
What Internet of Things devices can be used on the workplace?
The IoT technologies by definition collect data about their users and therefore can be easily implemented on the workplace to gather information about employees. And for instance such technologies include
1) wearable technologies aimed at collecting health related data on the body conditions of employees which are particularly relevant for employees that are involved in dangerous working activities, but can be useful for any employee in order to prevent possible diseases (and consequential sick leaves) and to save on employees’ health insurance premium;
2) geolocation systems which can be useful in case of vehicles/individuals that need to be in a place in the shortest possible term such as ambulances and workers that need to repair malfunctionings;
3) smart badges that can record the entrance of employees, but also be incorporated in their smartphone and follow them everywhere;
4) other wearable devices that can collect information about their users and trigger alert messages.
What was prohibited so far in Italy?
The Italian Workers Statute prohibited the monitoring of employees. Such prohibition provided some exceptions in case of “defensive checks” i.e. monitoring activities that were required to identify a suspected illegal conduct of employees and aimed at improving the efficiency on the workplace. On this matter, the Italian data protection authority had also issued some guidelines relating to the monitoring of employees’ usage of emails and Internet.
What Internet of Things technologies are allowed under the Italian Jobs Act?
According to the provisions of the Jobs Act
1) devices whose sole purpose is to monitor employees are still prohibited and therefore the software recording how frequently employees digit on their keyboard is likely to still be challenged;
2) devices which have the purpose of either improving the organization and production of a company, or the security on the workplace or the protection of a company’s assets can be used but with the prior approval of trade unions; while
3) devices used either for the working activity or for the recording of accesses/presence on the workplace do not require the consent from trade unions, but only the provision of a privacy information notice to employees.
And the point 3 above is the major innovation introduced by the Jobs Act.
Does it mean that any IoT technology can now be used on the workplace?
The response to the question is NO!
The provisions of the Jobs Act did not introduce exceptions to the applicability of privacy laws which do not consist just in a bunch of paperwork…
In a recent case concerning geolocation technologies implemented in a smartphone provided to workers so that they could reach telecom antennas in the shortest possible term after a malfunctioning, the Italian data protection authority requested that
1) the amount of information was limited to what necessary for the improvement of the company organization, and for instance when employees are off,
2) the geolocation data should not be collected and
3) employees are notified of the collection of data not only through a prior privacy information notice, but even through an icon on the smartphone.
The matter is even more relevant with the upcoming EU Privacy Regulation which will require
1) a prior data protection impact assessment with the involvement of the data protection officer and the prior approval of the competent data protection authority; and
2) the implementation of a privacy by design and security by design approach.
And given that the fines for breach of the above provisions are up to 4% of the global turnover of the breaching entity, the issue cannot be underestimated.
The consequence of the above is that a case by case assessment of Internet of Things technologies used on the workplace has now become absolutely necessary.
@GiulioCoraggio and @GiuZappaterra