The unfortunate spread of COVID-19 throughout Italy led to some interesting legislative measures.
Thanks to a Decree of the Prime Minister adopted on March 1, 2020, employers could employ their workers by remote working, even without the individual agreements in writing mandated by Law no. 81/2017.
- Remote or “smart” working is not mandatory. It is up to the employer, given its responsibility for the organization of the working activity, to decide whether or not to adopt remote working both for employees who work in areas at risk and for employees who live in such areas but work outside.
- Secondly, for the next six months the principle of consent, on which remote working is based, will be waived: the employer will be able to arrange such method of working “even in the absence of individual agreements.” In case of refusal by the employee, disciplinary sanctions may be applied. On the contrary, the employee may not use smart working without a specific indication by the employer.
- With regards to formal requirements, no precise written provision is needed. An e-mail or a verbal arrangement may be sufficient.
During this time, smart working will be considered as a measure of health and safety at work and the employers should provide for the relevant IT instruments to allow the employee to arrange remote working.
Moreover, last February, before the outbreak of COVID-19 crisis, Regione Lombardia already launched a campaign to make public funds available for employers that never implemented plans of smart working. The employers can send the application starting from April 2, 2020, until December 15, 2021, up to availability of the subsidies. We could assist the employers to define the relevant plan.
Ordinance no. 630, adopted on February 3, 2020, as an emergency measure to contrast coronavirus has been approved by the Italian Data Protection Authority. Surprisingly, it in fact lowers the protection of individuals in light of the public interest.
More specifically, the Italian Data Protection Authority pointed out that, pursuant to Section 9 of GDPR, certain personal data may be legitimately processed for reasons of public interest in public healthcare – particularly in case of serious cross-border threats against healthcare – while ensuring appropriate measures to protect the rights of the concerned individuals, with a specific focus on professional secrecy.
In light of the above and considering the ongoing COVID-19 crisis, the measures taken allow personal mobile communication data and geolocation to be analysed in order to trace connections and contacts amongst individuals. However, such decision does not set forth specific countermeasures in order to protect the rights of the concerned individuals.