The Italian Data Protection Authority restricts the monitoring of employees’ internet access and e-mail use

The Italian Data Protection Authority (“IDPA”) issued its first decision interpreting the amended Section 4 of the “Workers’ Bill of Rights,” concerning the monitoring of employees’ internet access and e-mail use.

In particular, the employees of a University in Italy claimed their employer monitored their personal data, by recording their web-browsing file logs (specifically, the Media Access Control address, “MAC Address”, and the Internet Protocol address, “IP Address”) and other personal internet-access information, using hidden software operating “in the background”.

The IDPA inquired and found the employer had wrongly classified its employees’ MAC and IP address data as being subject to no “personal protection” rules. This classification, according to the IDPA’s decision, would run contrary to the principles established by the EU Council of Ministers in its Recommendation No. CM/Rec (2015) 5, dated 1 April 2015. Therefore, the IDPA found the generic notice included in the University’s internal privacy policy, concerning its monitoring of internet access and e-mail use by employees, was insufficient under Section 13 of the Italian “Data Protection Code”. The IDPA further declared the relevant principles of “actual need and proportionality” had been breached by the University in performing such invasive and indiscriminate monitoring.
FULL Story …

Be the first to comment

Leave a Reply

Your email address will not be published.


*


*