As of August 13th, 2022, Legislative Decree No. 104 dated June 27th, 2022 (the so-called “Transparency Decree”), implementing Directive (EU) 2019/1152, came into force, establishing specific privacy obligations for employers, who make use of automated decision-making or monitoring systems. Circular No. 19 published on September 20th, 2022 by the Ministry of Labor and Social Affairs provided clarifications with respect to the privacy profiles mentioned in the Decree. Said Circular not only broadens the scope of the Decree, clarifying that the obligation to disclose information also applies in case of merely incidental human intervention, but also provides some concrete examples of systems that determine the application of the new rules.
The obligations under the Transparency Decree
The transparency obligations mentioned in the Decree are intended to apply to the employer who makes use of two kinds of automated decision-making or monitoring systems, namely the ones:
- aimed at carrying out a decision-making process, providing information, capable of affecting the employment relationship;
- designed to provide information affecting the monitoring, evaluation, performance and fulfillment of contractual obligations.
These obligations, however, are not only information-based, but also require compliance with the principle of accountability and the adoption of a risk-based approach.
Aside from a few residual exceptions, the activities that each employer must put in place are:
- inform the employee, prior to employment, of the use of automated decision-making or monitoring systems, including where integrated into the tools used by the employee to perform work activities;
- update the records of processing with respect to the activities involved in the use of such systems;
- carry out a risk analysis and impact assessment of such processing activities, and undertake prior consultation with the Italian Data Protection Authority, when necessary.
Chatbots used during interviews; resume screening; systems for automated assignment or dismissal of tasks, duties or shifts; work schedule, productivity analysis, pay determination, promotions; tablets, digital devices and wearables, GPS and geolocators, rating and ranking systems are just some of the systems that fall under the application of the Decree.
