Italy

The Italian Personal Data Protection Code implements the Directive and applies to workplace monitoring.

Personal Data Protection Code 2003

The Italian Personal Data Protection Code brings together all of the various laws, codes and regulations relating to data protection since 1996. The Code implements Article 8(b) of the Directive on the processing of sensitive data. Section 26(4d) allows the processing of sensitive data without consent if necessary to meet obligations under employment law.

The Code implemented parts of the E-Communications Privacy Directive (see Title 10, Part 2 of the Code).

Section 115 of the Code relates to the protection of home-based or “teleworkers.” The Code requires employers to ensure that the employees’ personality and moral freedom are respected. Additionally, the Code provides: “Home-based workers shall be required to ensure confidentiality as necessary with regard to all family-related matters.”

Section 134 relates to video surveillance, but only notes that the Italian Guarantee will encourage the adoption of a code of conduct for conducting such monitoring.

Legge No. 93 of March 29, 1983, applies to workplace monitoring but does not prohibit employers’ rights in this area.

Article 4 of the Workers’ Statute (Law No. 300/70) prohibits the use of new technologies to control workers’ activities – although this does not prohibit workplace monitoring. Under this statute, employers are prohibited from investigating political, religious or trade union opinions of workers.

The Data Protection Act contains restrictions on the transfer of personal data to third countries outside of the European Economic Area (EEA). Personal data can be transferred to another country only if that country ensures the level of data protection that corresponds to the level of data protection in Italy.

Section 12 of the Data Protection Act regulates the transfer of personal data to third countries outside of the European Union.