The mass use of information technology continues to have a significant impact in the employment field, with an increase in disciplinary dismissal following the remote monitoring of employees. This brief note offers an update for employers in light of recent decisions.

In Italy, remote monitoring - that is, monitoring by an employer that is directed or potentially directed at the working activity of its employees - is prohibited by Section 4 of the Statute of Employees (Law 300/1970), as well as by Section 114 of the Data Protection Code (Legislative Decree 196/2003), which refers to the same provision.

These sections prohibit the use of monitoring systems with the sole purpose of monitoring employees in their professional activity, except for purposes related to the employer's organisation or productivity, or for security reasons.

Italian law has established that remote monitoring is permitted only in such cases. In addition, Section 4(2) of the statute requires employers to implement a co-determination procedure with internal trade union representatives (or, where there are no such representatives, with the competent labour office).

Furthermore, the Supreme Court has specified that the term 'remote' may refer to a remove in space or time. Thus, recording employees' personal data using a system that allows for monitoring at a later date falls into this category.

An exception is generally made for a different category of monitoring, termed 'defensive monitoring'. Such monitoring is permitted because it focuses on protecting the integrity of an employer's business assets, although it may potentially identify malfeasance, civil wrongs and criminal offences committed by employees in connection with the performance of their professional activities.

However, defensive monitoring operations are subject to Section 4 of the statute if the monitoring in question covers an employee's performance.

The difference between the two types of monitoring - remote monitoring and defensive monitoring - has been underlined by recent Supreme Court decisions, which posed the question in light of the majority (but not unanimous) views expressed in case law.

Decision 4375 was issued on February 23 2010. With reference to remote monitoring, the Labour Section of the Supreme Court found that computer programs which monitor email correspondence and internet use are deemed to be monitoring tools if they allow an employer to conduct remote and continuous monitoring of its employees. As a result, personal data collected by such computer programs cannot be used as evidence if the employer in question has not complied with the relevant procedures under Section 4(2).

However, on the issue of defensive monitoring, Decision 20722, which was issued on June 1 2010 by the Criminal Section of the Supreme Court, stated that monitoring for the purpose of identifying possible unlawful conduct on the part of employees is legitimate, and that the information thus obtained is admissible as evidence of an employee's criminal offences. In the case in question, the employee was convicted of misappropriation.

Internet and email monitoring

Internet and email monitoring usually falls within the category of remote monitoring. In the context of Italian law, employers must duly consider Italy's data protection provisions, particularly the Data Protection Code and the Guidelines on Use of Emails and the Internet in Employment (issued on March 1 2007).

Employers must always provide clear-cut, detailed information on the appropriate methods of using IT equipment that they make available to employees. Similarly, clear information information must be provided on whether, how and to what extent such use will be monitored.

In any case, employers may not carry out computer monitoring - for the reasons explained above - unless they (i) are justified in doing so in exceptional cases, and (ii) act according to the previously defined terms in order to safeguard their business assets and ensure their employees’ privacy.

Practical effects

The restrictions imposed by the law must be observed. However, even within these limits, remote monitoring is clearly a potentially useful tool for employers seeking to optimise the productivity of their organisation.

However, such monitoring often triggers complaints from employees when challenging disciplinary measures or (more often) unfair dismissal. Therefore, employers must take care to comply with all conditions of the statute and of data protection law. Failure to do so may prevent employers from using personal data about employees as evidence in subsequent judicial proceedings. Moreover, employers that ignore the rules lay themselves open to fines and criminal penalties under Section 38 of Statute of Employees and under the Data Protection Code.