The Italian Guarantor has ordered an employer to pay a fine of 84,000 euros for the unlawful processing of personnel data relating to internet browsing.
In fact, monitoring of employee internet browsing is not possible if conducted indiscriminately.
The limit persists even in the presence of specific trade union agreements.
Any control activities must always comply with the Workers’ Statute and the privacy legislation.
This is what was reiterated by the Privacy Guarantor in a sanctioning measure of last 13 May.
An employee, during a disciplinary procedure, had discovered that his Facebook and Youtube consultation during working hours had emerged from a constant control.
The employer used a system of control and filtering of employees’ internet browsing, with the retention of data for one month and the creation of specific reports, for network security purposes.
The employer had also entered into an agreement with the trade unions, as required by the sector regulations, but the system, without having adequately informed the employees, instead allowed unnecessary processing operations that were disproportionate to the purpose of protection and security of the internal network.
In fact, a preventive and generalized collection of data relating to connections to the websites visited by individual employees was carried out.
The system also collected information unrelated to the professional activity and in any case attributable to the private life of the person concerned.
In addition to the injunction, the employer must also take technical and organizational measures to anonymize the data relating to the employee’s workstation, delete personal data in the registered web browsing logs, as well as update the internal procedures identified and included in the trade union agreement.