|OVERVIEW||Privacy and data protection laws aggressively enforced by the Italian Data Protection office.|
|GENERAL PRIVACY LAWS||Italian Constitution has several limited provisions related to privacy – although none specifically apply to the workplace.|
|PERSONAL DATA PROTECTION LAWS AND REGULATIONS||
The Italian Personal Data Protection Code implements the Directive and applies to workplace monitoring.
|TYPE OF DATA PROTECTED||Personal Data.|
|WORKPLACE PRIVACY LAWS||
The Italian Personal Data Protection Code brings together all of the various laws, codes and regulations relating to data protection since 1996. The Code implements Article 8(b) of the Directive on the processing of sensitive data. Section 26(4d) allows the processing of sensitive data without consent if necessary to meet obligations under employment law.
The Code implemented parts of the E-Communications Privacy Directive (see Title 10, Part 2 of the Code).
Section 115 of the Code relates to the protection of home-based or “teleworkers.” The Code requires employers to ensure that the employees’ personality and moral freedom are respected. Additionally, the Code provides: “Home-based workers shall be required to ensure confidentiality as necessary with regard to all family-related matters.”
Section 134 relates to video surveillance, but only notes that the Italian Guarantee will encourage the adoption of a code of conduct for conducting such monitoring.
Legge No. 93 of March 29, 1983, applies to workplace monitoring but does not prohibit employers’ rights in this area.
Article 4 of the Workers’ Statute (Law No. 300/70) prohibits the use of new technologies to control workers’ activities – although this does not prohibit workplace monitoring. Under this statute, employers are prohibited from investigating political, religious or trade union opinions of workers.
The Data Protection Act contains restrictions on the transfer of personal data to third countries outside of the European Economic Area (EEA). Personal data can be transferred to another country only if that country ensures the level of data protection that corresponds to the level of data protection in Italy.
Section 12 of the Data Protection Act regulates the transfer of personal data to third countries outside of the European Union.
|FINES AND SANCTIONS||Civil and criminal penalties are provided under the law. The Italian Civil Code, Art. 2050, also permits the recovery of damages.|
|OTHER PRIVACY LAWS AND REGULATIONS||
Italy's statute on workers' rights (Act no. 300/1970)
Italy's Personal Data Protection Code governs the processing of personal health data in Italy.
General Authorization for the Processing of Genetic Data. "Genetic data" is defined as "any data that, regardless of its type, concerns an individual's genotypic characteristics, or the pattern of inheritance of such characteristics within a related group of individuals"