Written by 10:33 Media

Italy: A commentary on the newly adopted Transparency Decree

Rocco Panetta and Marta Fraioli comment on Data Guidance on the newly Transparency Decree recently adopted in Italy.

OneTrust DataGuidance

by Rocco Panetta and Marta Fraioli

In order to transpose into the national legal system the provisions of Directive (EU) No. 2019/1152 of the European Parliament and of the Council of 20 June 2019 on transparent and predictable working conditions in the European Union (‘the Directive’), the Italian Government recently adopted Legislative Decree No. 104 of 27 June 2022 (‘the Transparency Decree’). Rocco Panetta and Marta Fraioli, from PANETTA Law Firm, provide an overview of the controversial aspects of the Transparency Decree from a data protection and privacy perspective, particularly regarding its impact on HR departments’ daily activities, as well as on the potential overlays with applicable data protection obligations.

The Transparency Decree was published in the Official Journal on 29 July 2022 and entered into force on 13 August 2022. Given that no grace period was granted, employers shall comply from the beginning in case of new hires.

Through this piece of legislation, the Italian Government introduced significant new obligations to the quality and quantity of information the employer shall communicate to its employees, potentially extending the scope of the Directive, and causing possible overlaps with another important European framework: the one introduced by the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’).

Article 4 of the Transparency Decree amends Legislative Decree No. 152 of 26 May 1997 (‘the Work Decree’) by introducing new Article 1-bis to the Work Decree.

More specifically, Article 1-bis of the Work Decree obliges employers and public and private contractors to properly inform workers when using automated decision-making or automated monitoring. Such information must be provided before the commencement of work, and must include the following additional information (beyond those related to the management of the work relationship from a labour law perspective, according to Article 1 of the Work Decree):

  1. “the aspects of the employment relationship which are affected by the use of the systems (…)
  2. the purposes and aims of the systems (…)
  3. the logic and functioning of the systems (…)
  4. the data categories and main parameters used to program or train the systems referred to in subparagraph 1, including performance evaluation mechanisms
  5. the control measures taken for automated decisions, any correction processes and the person responsible for the quality management system
  6. the level of accuracy, robustness, and cybersecurity of the systems (…) and the metrics used to measure these parameters, as well as the potentially discriminatory impacts of these metrics”.

Such further information shall be provided when the abovementioned systems are able to reveal elements concerning:

  • the phase of recruitment or assignment;
  • the management or termination of the employment relationship;
  • the assignment of tasks or duties; or
  • the information affecting the monitoring, assessment, performance, and fulfilment of the contractual obligations of employees.

With regards to the current workforce, the employer or contractor is obliged to provide, update, or supplement the abovementioned information within 60 days from the entry into force of the Transparency Decree. Breaches of such provisions are punished according to the fines established by Legislative Decree No. 276 of 10 September 2003, as recently amended by Article 5 of the Transparency Decree (for a brief description of the penalty framework, see below).

Assessing current employees-related tools

It would be legitimate to say that systems supporting companies’ decision-making related to employees’ performances or working activity in general are considered, according to Article 1-bis of the Work Decree, as automated decision-making pursuant to Article 22 of the GDPR. However, Article 1-bis of the Work Decree goes beyond the realm of data protection, by providing a ‘reinforced right’ to employees to be exercised in the work environment.

Under this perspective, a very high number of software and applications, nowadays used by companies to evaluate their workforce, are likely to fall within the scope of the broad definition introduced by this new legislation, to the point that a massive rethinking of tools used at company level to manage personnel activities is not only advisable but, rather, necessary.

Read the whole article on One Trus | Data Guidance