Restrictions in the Workplace
The 1 March 2007 ‘Guidelines applying to the use of e-mails and the internet in the employment context’ of the Italian Privacy Authority state that the employer can issue internal policies, codes of conduct or guidelines on the use of internet and e-mails by using clear-cut, non-generic wording, which shall be adequately publicized and updated regularly.
For instance, it should be clarified, depending on the circumstances, whether certain types of conduct are not permitted (e.g., browsing the internet, downloading music files and/or software or keeping certain files on the Intranet), whether (and if so to what extent) employees can use e-mail and network services for personal purposes, even though this may only be possible from certain workstations and/or accounts or else via webmail systems, in which case the relevant arrangements and time constraints should be specified (e.g., whether using such systems is only allowed outside working hours or during breaks, or whether they may also be used with moderation during working hours).
In addition to drafting and circulating internal policy document detailing the appropriate use of IT devices and the relevant controls, if any, the employer has the duty to always inform data subjects about their data treatment in pursuance of section 13 of the GDPR.
To reduce the risk of internet use for purposes other than discharging labour tasks, the employer may take measures by having regard to the peculiarities of the specific professional requirements, specifying the categories of websites that are regarded as related/unrelated to the work performed, configuring systems and/or deploying filters to prevent certain operations from being performed (e.g., blocking access to certain sites, or limiting downloading of files or software that are a certain size or data type).
Can the employer monitor, access, review the employee’s electronic communications?
The main reform on statutory rules governing employees’ surveillance took place in 2015, when the so-called “Jobs Act” regulations came into force (these include the Legislative Decree no. 151/2015 setting forth the “new” rules on employees’ surveillance). These changes have modified section 4 of Law no. 300/1970 (the so-called “Workers Statute”), by loosening restrictions governing employees’ remote control, considering the technological progress and with the purpose of finding a balance between the production-related and organizational needs of the employers, on one side, and the dignity and the right to privacy of the employees, on the other side. In the later years, no additional main changes took place.
Under the current legal framework, the instruments and equipment that are potentially able also to monitor employees are permitted only to the extent they are required for organizational, productive or safety reasons or for the safeguard of the company assets and provided that their use is agreed with the work council/most representative trade unions or authorized by the Labour Office depending on the specific case. Such rules do not apply (thus no agreement or authorization is needed) to the instruments/equipment which are used by the employees for performing the activity (e.g., laptop, mobile and e-mail) and to devices which are used by the employer to register the employees’ accesses and attendance at the workplace. In addition, data and information collected through such instruments/equipment can be used for all purposes related to the employment relationship provided that the employees have been adequately informed on how instruments must be used and how controls can be carried out, in compliance with data protection legislation.
As the use of social media has become nearly a part of our life, there is indeed an increasing number of labour proceedings triggered by employees’ dismissals due to their comments on such platforms. If an employee posts a negative comment on the company, his/her colleagues, the company’s products or its customers, there is the risk that such conduct may lead to disciplinary consequences, including the termination of the employment relationship by the employer, depending on the seriousness of the misconduct. Indeed, the relevant assessment shall be carried out on a case-by-case basis, thus considering the specific circumstances characterizing each case.
Criteria to be taken into consideration by the Labour Courts when carrying out such an assessment include, but are not limited to, the existence of a company policy which has been breached by the employee, the fact that the employee’s profile on social media is public or private (i.e., the comments by the employee may only be read by those individuals who qualify as his/her “friends”), whether the employee’s conduct could damage or not the employer’s brand. Another criterion which has to be taken into account is the freedom of expression under section 21 of the Italian Constitution: indeed, based on case-law, employees are entitled to criticize the employer as a right associated with their freedom of expression, to the extent that either certain requirements are met, either “substantial” (the criticism relies on founded grounds as this is true) or “formal” (modalities used by employees are not as such as to unfoundedly damage the respectability of the employer, offend his honour or cause any damage whatsoever to this).
Due to the absence of a statutory regulations governing the use of social media by employees and considering its increasing importance, many clients – especially multinational companies – have implemented company policies regulating its use, which may help when taking disciplinary measures against an employee.