Summary Facts Of The Case
A worker of a “call-center” enterprise appeals a dismissal for misconduct by challenging the violation of Article 4 of the Workers 'Statute (Law 300/1970) which provided – before the entry into force of Jobs Act (d.lgs. 151/2015) - that audiovisual equipment and other instruments from which the possibility of remote control of workers' activities can also be used exclusively for organizational and production needs, for the protection of the safety of work and of integrity of the company assets and can be installed by agreement stipulated with the unitary union representation or by the company trade union representatives.
In fact, the employer, as a result of checks on the performance by the employer, within the scope of its corporate organization, caught her during activities involving the illegitimate display of data traffic of people not corresponding to actual work needs, as not deriving from specific customer requests.
As a result of investigations, 34 of the 46 ascertained activities has been carried after the entry into force of the Jobs Act, which emended the Workers’ Statute providing that information collected can be used for all purposes related to the employment relationship and that the worker should be given adequate information on how to use the tools and carry out controls and according to national data protection framework.
The purpose of the Art. 4 Law 300/1970 is not only to establish a system of guarantees of a substantial nature and procedural to protect privacy of the worker, but also to put the latter in a position to know such guarantees. Therefore, the provision applicable is the one before the entry into force of Jobs Act. The theory of defensive controls assumes importance, according to which monitoring measures were not taken with the intent to monitor the contractual obligations of the worker but in order to ascertain illegal conduct detrimental to the company assets and rights of third parties.
The misconducts attributed to the worker are illegitimate both under criminal law violations for illegal access to the computerized and telematic system and under civil law for violation of the privacy of third parties.
In this case, it seems to be correct to refer to the control exercised by the employer in the context of the defensive checks, as it is aimed at ascertaining the existence of behaviors characterized by profiles of unlawfulness other than the mere breach of contract.
Furthermore, the control tool adopted by the company has been the only one available to reach the aim pursued.
With regard to the seriousness of the conduct established, taking into account that they are carried out by a public service representative and have also emerged in an undue intrusion into the assets of sensitive data belonging to an unaware user of an essential public service, must be considered established that they are serious enough to justify dismissal.
Comments
Protection of privacy at the workplace Italy
Article 15 of Constitution of the Italian Republic establishes the fundamental right to liberty and secrecy of correspondence and any other kind of communication.
Limitations on this right are permitted only on the basis of an order from a judicial authority and only in such cases established by law.
Section 4 of Law No. 300 of the 20th May 1970 (“Statuto dei Lavoratori”), which has been recently reformed by Section 23 of Legislative Decree No. 151 of the 14th September 2015 (“Jobs Act”), provides for (i) a specific regulation governing the power of surveillance and monitoring by employers over electronic communications in the workplace; and (ii) the general conditions for remote control over employees in the workplace.
Dispositions provided in Section 4 of the Statuto dei Lavoratori are inserted within the framework of Legislative Decree No. 196 of the 30th June 2003 (“Privacy Code”), which is a general text governing the collection and the processing of personal data by any kind of public or private entity.
In particular, Section 114 (Remote controls) § 3 of the Privacy Code, provides as follows:
“The dispositions of the Privacy Code shall apply without prejudice to Section 4 of the Statuto dei Lavoratori”.
Section 4 (“Audiovisual installations and other tools of control”) § 1 of the Statuto dei Lavoratori, in its new wording, provides as follows:
“Audiovisual installations and other tools of control which give even the possibility of remote controls over the work activity of employees may be used only in view of organizational and productive necessities, of the safety of the work and of the protection of the corporate assets, and they may be installed only in case of prior collective agreement concluded by the company-based trade unions […]. In the absence of such agreement, audiovisual installations and other tools of control may be installed only in force of prior authorization of the Territorial Direction of Work [Direzione Territoriale del Lavoro] or […] in force of prior authorization of the Ministry of Labour”.
Section 4 § 2 of the Statuto dei Lavoratori, in its new wording, provides as follows:
“The provision sub § 1 does not apply neither to tools used by the employee for carrying out his work nor to tools for the registration of accesses and of presences in the workplace”.
Section 4 § 3 of the Statuto dei Lavoratori, in its new wording, provides as follows:
“The information collected in accordance to §§ 1 and 2 may be used in view of every aim related to the employment relationship, under the condition that the employee is provided with an adequate information on the way these tools are used and on the way the controls are carried out, and in accordance to provisions laid down by the Privacy Code”.
Therefore, an analysis of Section 4 of the Statuto dei Lavoratori demonstrates that the domestic legislation governing the power of surveillance and control over the activity of the employees in the workplace is based on four fundamental rules.
Firstly, the installation of tools used for direct control, surveillance, and monitoring by the employer of work activity carried out by his/her employees is prohibited (Section 4 § 1 of the Statuto dei Lavoratori).
Secondly, the national law provides for specific objective conditions that are required for the installation of audiovisual tools and other tools of control that give even the possibility of remote control over the activity of employees (Section 4 § 1 of the Statuto dei Lavoratori).
Thirdly, the national law does not provide for any specific objective conditions with regards to the installation and use of working tools that give the employer the possibility of remote control over the activities of employees (e.g. tablets, mobile phones, computers, laptops, and GPS technology, where the employee has been supplied with these types of working tools by his/her employer) (Section 4 § 1 of the Statuto dei Lavoratori).
Finally, information that has been collected in accordance with §§ 1 and 2 may be used by the employer for any purpose that is related to the employment relationship. However, this must comply with the condition that the employee is adequately informed (in accordance with provisions laid down by the Privacy Code) on: (i) the way these tools of control are used, and (ii) the method by which control and surveillance is carried out.
Both the previous and new wording of Section 4 of the Statuto dei Lavoratori raise two significant questions that have been the subject of debate.
Firstly, no rules are provided for with respect to the conditions or limits on the power of control over private electronic tools of the employee such as, the personal Facebook or Twitter account of the employee or other general personal social networks accounts.
Secondly, mixed usage of electronic working tools (both business and personal use) supplied by the employer (such as mobile phones, tablets, corporate cars equipped with GPS technology), is a common practice established by company policies. However, no specific rules have been provided for under Section 4 that deals with the power of control exercised by these types of working tools.
Case law of the Labour Chamber of the Court of Cassation
Considering the recent entry into force of the reform Jobs Act, there is no case law of national courts dealing with the interpretation of Section 4 of the Statuto dei Lavoratori in its reformed wording. However, the Italian Legislator when reforming the wording of Section 4 of the Statuto dei Lavoratori, adopted a general approach in applying the principles laid down in the established case law that had already been developed by the Court of Cassation when interpreting Section 4 before its reformed wording (i.e. before the entry into force of the reform Jobs Act ).
Therefore, even if the existing case law remains a development on Section 4 of the Statuto dei Lavoratori (i.e. the previous wording), current case law could provide guidance to the judiciary when dealing with questions related to such matters.
The most relevant and debated issue that has been developed in the case law of the Court of Cassation is the so-called “defensive controls” (“controlli difensivi”).
Defensive controls are a specific type of remote control that have the direct purpose of establishing illegal or unlawful conducts carried out by employees, such as criminal conducts made during the performance of work contracts.
The question of compliance with a law that allows this type of control has been strongly debated. On one hand, Section 4 § 1 of the Statuto dei Lavoratori expressly prohibits the use of any tool of control that has the purpose of controlling the proper fulfilment of the work contract by the employee. However, on the other hand, the literal wording of Section 4 does not provide any legal sanction for serious misconducts carried out by employees during the course of their employment.
Initially, the Court of Cassation held that defensive controls were in any case permissible, so that guaranties provided under Section 4 of the Statuto dei Lavoratori would never apply to the illegal or unlawful conducts carried out by the employee during the course of their employment (Court of Cassation, judgement n. 4746 of the 3th April 2002).
In subsequent cases the Court of Cassation moved towards a more restrictive reading of Section 4 of the Statuto dei Lavoratori. The Court of Cassation held that Section 4 of the Statuto dei Lavoratori would apply even to defensive controls, which can only be deemed lawful when all conditions provided under Section 4 have been complied with. Thus, all the guaranties established by Section 4 of the Statuto dei Lavoratori must be observed by the employer.
In practice, this means that defensive controls may be deemed lawful only in cases where the employer, while carrying out surveillance activity using tools of control that have been duly installed in compliance with the guaranties and aims provided by Section 4 §1 of the Statuto dei Lavoratori, and “occasionally” discovers the illegal conduct of the employee (“controllo preterintenzionale”: see Court of Cassation, judgements No. 4375 of the 23th February 2010; No.16622 of the 1st October 2012).
However, in a final development, the Court of Cassation retracted its position and held that defensive controls fall outside of the scope of Section 4 §1 of the Statuto dei Lavoratori, so that they are in any case allowed (Court of Cassation, judgement No. 19091 of the 17th May 2013).
Court of Cassation, judgement No. 2722 of the 23th February 2012
In judgement No. 2722 of the 23th February 2012, the Court of Cassation ruled on a case that involved the inspection of the corporate e-mail account of an employee who was suspected to have revealed and disclosed confidential information regarding a client of the bank employer.
The Court of Cassation held, in this specific case, that the activity of control was in compliance with Section 4 of the Statuto dei Lavoratori, given that the control was not directly motivated towards monitoring the proper fulfilment of the employee’s work duties, (which is prohibited by § 1 of Section 4), but the purpose of control was to ensure the protection of corporate assets and the public image of the bank (i.e. the fulfilment of one of the specific objective aims established by § 1).
Court of Cassation, judgement No. 10955 of the 27th May 2015
Neither in the new nor former wording of Section 4 of the Statuto dei Lavoratori, provides for any provision that deals with the conditions of and the modalities of control of private electronic tools of the worker, such as, private e-mail accounts, private Facebook or Twitter accounts, and general private social networks accounts, which give the possibility of intensive types of remote surveillance on the employees.
In judgement No. 10955 of the 27th May 2015, the Court of Cassation ruled on a case involving an employee who spent a lot of time on Facebook during work hours. In order to gather evidence that the employee was not fulfilling his employment duties, the employer created a fake female Facebook profile, joined the Facebook friend list of the employee, and began chatting with him during work hours.
The Court of Cassation held, in this specific case, that the creation of a fake Facebook profile with the aim to control the use of social networks during work hours was in compliance with the provisions of Section 4, given that the press that the employee was assigned to got stuck during his abandonment of his work station. Thus, the purpose of control in this situation was to ensure the safety of the workplace rather than monitoring the proper fulfilment of employment duties by the employee. Thus, the means and method of control in this case complied with the conditions provided for by Section 4.
Court of Cassation, judgement No. 9904 of the 13th May 2016
In judgement No. 9904 of the 13th May 2016, the Court of Cassation ruled on a case that involved the installation of an ID badge electronic reader that had the capabilities to detect any absence, suspension, and break in any work activity. It was also capable of immediately comparing all information that related to all the workers employed in the company.
The Court of Cassation held, in this specific case, that this type of surveillance was unlawful for the following reasons. On one hand, this allows for the company to have direct control in overseeing the proper fulfilment of work duties by its employees, which is in itself prohibited by § 1 of Section 4. On the other hand, the objective conditions provided for by Section 4 of the Statuto dei Lavoratori were not observed because any guarantees of privacy and dignity that the employee may enjoy was breached by the employer (see also judgement No. 2531 of the 9th February 2016 where the Court held that a remote control tool that allowed a supervisor to directly view (in real-time) the computer screen of the employer was unlawful).
In conclusion, there is no case law of national courts that deal specifically reference the new wording of Section 4 of the Statuto dei Lavoratori.
However the Italian Legislator, when reforming the wording of Section 4 of the Statuto dei Lavoratori, applied the general principles already established in the case law that has involved the interpretation of Section 4 of the Statuto dei Lavoratori in its previous wording.
Therefore, the existing case law could be of future assistance to the judiciary when it deals with questions relating to such matters.
Special legal action for the protection of privacy.
According to Section 145 of the Privacy Code, an aggrieved individual can lodge an application before the administrative “Authority for the protection of personal data” (so-called “Garante per la protezione dei dati personali”), which is empowered, inter alia, to hear any claim involving the violation of laws that govern the protection of personal data. This does not prejudice the individual’s right to bring an action before a civil or administrative judge.
Special provisions granting specific rights are provided for in the matter of working relationships (Sections 111-116 of the Privacy Code), but no special procedural remedies are provided in cases where infringement of the law has occurred in the workplace.
The Decree of the Authority for the protection of personal data of the 1st March 2007 provides that employers and corporate supervisors may have legal access to the computers that have been supplied to employees only when the employees have been duly and fully informed about the conditions and modalities of such access.