SMART WORKING AND DATA PROTECTION: HOW TO RECONCILIATE "LAVORO AGILE" AND PRIVACY IN AN EMERGENCY CONTEXT
The current health emergency, linked to the spread of the new coronavirus, has led to a series of government initiatives very impactful on the organization of the companies.
Even the latest Decree, announced by the President of the Council of Ministers on the night between Saturday 21 and Sunday 22 March, reiterates that, in order to carry out its business, "non-essential" companies - which, in general, must remain closed - can to carry out its activities on the mandatory condition of adopting remote work solutions.
Thus, in recent days we hear more and more often about "telework" and "smart working".
The use of these terms, as synonyms, is not correct, as they refer to different ways of performing work.
In the smart working, the employee carries out his work partly inside the company and partly outside the company's working environment, with a total autonomy organisational with regard to working hours and places of work, without the need of a fixed workstation.
In the telework, on the other hand, the employee always works outside the company premises but from a location explicitly defined in the contract, using electronic tools provided by the employer. Working hours, unlike smart working, are also described in the contract and cannot be changed unilaterally by the employee.
Adopting smart working solutions means, in essence, making wise use of digital technologies, updating in an appropriate manner the company's organizational models, of which privacy is an integral part: as a result, security measures must be implemented, case-by-case, with a renewed view to protecting personal data.
In fact, privacy regulations are being violated by those entities or companies that, only now adopting smart working measures to deal with the coronavirus emergency, have not previously adopted the correct company regulations on the use of technological tools, as required by the Privacy Authority since March 2007.
The Decree of the President of the Council of Ministers of 11 March 2020 provides in art. 7 letter a) a recommendation, addressed to those who carry out production activities or provide professional services, to implement "the maximum use by companies of agile working methods for activities that can be carried out at home or at a distance". Furthermore, the new D.P.C.M. of 22 March 2020 provides in art. 1 paragraph 1 letter e) that the production activities of which the activity is suspended "can still continue if organized in remote mode or agile work". So, the possibility of working remotely, thanks to the use of technology, currently represents the main method of execution of the work performance throughout the national territory.
This type of "lavoro agile" puts a strain to the concept of privacy and our Privacy Guarantor Authority has not, to date, issued useful measures to mitigate the risks to which many personal data are thus exposed, often of a sensitive nature, such as those related to health.
One thinks, in this regard, of the hasty remote connections made over VPN to the company servers. Think of fictitious "do-it-yourself security" measures. Think of the use of personal devices to carry out work activities, in the total absence of technical security measures. Think of the lack of a specific company policy for the use of such technology, even outside the company walls, and the huge amount of data made available to employees and collaborators outside the company premises. The list could still be long.
Smart working cannot be an initiative aimed only at workers: the adoption of such a useful tool for the organization of work necessarily requires a real "cultural revolution" towards digital, the implementation of business management models, compliant and shared, of which privacy compliance must be an integral and substantial part.
"The biggest smartworking experiment ever implemented", as defined by the economic newspaper Bloomberg in a recent article, has been implemented by China to stem the spread of coronavirus in the workplace. It can be possible to read, on the Facebook page of the Chinese Embassy to Italy, that "during the unfortunately mandatory quarantine, 18 million companies asked to 300 million employees to work from home. A real revolution that has led to a massive change in the way we work".
On the basis of this example, Italy has made used - correctly - the instrument of agile work, already provided for in its own regulations: a very important test bench not only to test emergency solutions but also to break through regulatory and organizational-management tools that, in the long term, may prove to be of exceptional advantage for the productivity of companies and the improvement of the quality of life of employees.
This is a truly challenging issue, which involves various legal and economic disciplines and requires, as always in these cases, the support to institutions and companies by professionals able to advise and assist the transition with qualified expertise.
This, of course, taking full awareness that, where such "social experiments" take place without caring too much about the problem of privacy and, more generally, in contexts where the legal system is less attentive to the protection of fundamental human rights, Italy cannot, on the other hand, exempt itself from distancing, clearly, from what happens within totalitarian regimes or, if you prefer, "powerless democracy".
Just think, in this regard, that in China, regardless of the emergency, just to give an example, there was already a network of about 400 million video surveillance devices, equipped with technology for facial recognition of individuals, their tracking and prediction of their behaviour, by means of artificial intelligence. An extremely invasive control system which, although it has favoured the containment of the epidemic through the strict control of every movement of the population, has certainly violated and continues to violate the fundamental right of citizens "to be left alone" (the so-called "right to be let alone" theorized in 1890 by Warren and Brandeis, from which today's concept of privacy originates).
It is more than ever in situations of great difficulty, such as the current one, that our country must be a model for the whole World, showing how even emergencies can be managed in full respect of certain values and non-negotiable principles. The protection of personal data and the whole system of rules to protect it, in the supranational sphere with Regulation (EU) 2016/679 (GDPR) and in the national sphere with Legislative Decree no. 196 of 30 June 2003, represents an integral part of those values and principles.
The need to prefer smart working as an instrument of business continuity, both in emergencies and in normal conditions, is perfectly compatible with the respect of the rules but, even before, of common sense, which require the adoption of safeguards for the protection of personal data.
Let's show the world how it is done. Let's show once again that Italy is the absolute excellence made Nation.
Our Firm is at the disposal of managers and entrepreneurs who are interested in going deeper into the subject: do not hesitate to contact us.
* * *
While, like everyone else, I am joining the social distancing measures imposed by the Government to limit coronavirus infections, staying at home, I made a social video to share my thoughts on what you have just read.
Here is to your vision.