The Italian Data Protection Authority restricts the monitoring of employees’ internet access and e-mail use
June 16, 2017
Authored by: Fulvio Pastore-Alinante and Federica Dendena
The Italian Data Protection Authority (“IDPA”) issued its first decision interpreting the amended Section 4 of the “Workers’ Bill of Rights,” concerning the monitoring of employees’ internet access and e-mail use.
In particular, the employees of a University in Italy claimed their employer monitored their personal data, by recording their web-browsing file logs (specifically, the Media Access Control address, “MAC Address”, and the Internet Protocol address, “IP Address”) and other personal internet-access information, using hidden software operating “in the background”.
In the decision, the IDPA found the following technical means of internet monitoring to be lawful, to the extent they are strictly connected with the employees’ work or the safety of the employers’ information network: (a) monitoring log-ins to verify the proper use by the employee of the e-mail system made available by