The Court of Cassation, with judgement of 1 March 2018 no. 4883, declared that a dismissal for just cause imposed on a worker because he had faked ill health is retaliatory. This is so because the disease of which the employee suffered turned out to be real on the basis of objective data and logical considerations originating in his evident intention to continue to work as an employee of the company. Further according to the Court of Cassation the outlined evidence base was univocal in connecting the employer’s dismissal to the refusal of the employee to accept a transaction on financial issues pertaining to a previous employment, thus revealing a retaliatory intent. Therefore, the Court declared the employer’s dismissal invalid, and condemned the company to reinstate the worker to his former job and to pay litigation fees. In essence, a dismissal, as interrupting act of employment, must be adopted only in the face of the employee’s unfair conduct, which infringes the fiduciary relationship between the parties, and not as a form of vengeance, under penalty of invalidity.

The Data Processor pursuant to Article 28 of the Personal Data Protection Code (the EU “GDPR”) is an external party that processes personal data on behalf of the Data Controller. The Data Processor must be appointed by way of a contract/legal deed that binds it to the Controller. The Data Processor is expressly obliged to guarantee transparency and security of data and must adopt suitable technical and organizational measures.

On 22 March 2018, the Council of Ministers has approved the draft legislative decree laying down provisions on the adaptation of the national laws to the provisions of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (the “Regulation”). The draft legislative decree peremptorily sets out that effective from the following 25 May Legislative Decree 196/2003 (so-called “Privacy Code”) shall be deemed repealed by such decree and by the Regulation, thus definitely clearing all the doubts arisen in recent times. The most relevant novelties include a broad decriminalization in case of violation of the “new” rules, in consideration of the strong dissuasive effect exerted by the administrative penalties in the light of Article 83 of the Regulation. Instances of infringement that, due to the particularly detrimental impact they may have on the activity of the Data Protection Authority remain in force. Therefore any individuals who in the proceedings before the Data Protection Authority render misrepresentations or intentionally cause interruption of, or disrupt, the regular performance of duties or exercise of powers of the Authority shall be punished with imprisonment.  Finally, it should be noted that the draft legislative decree provides for the “non-usability of data” as one would logically expect, as a direct and immediate consequence of any unlawful use of data, which, together with the administrative penalties, is an ex-post measure protecting the parties involved. It shall be understood that the draft might be amended before its final approval.

Last 9 March, Italian Trade Unions Confindustria, Cgil, Cisl and Uil, after years of unsuccessful attempts, have signed the so-called “Patto di Fabbrica”, which sets out a framework of shared rules on bargaining, industrial relations, representativeness, welfare and corporate security. The main objective of the Agreement is to modernize and newly define the industrial relations and the organization of collective bargaining with a view to ensuring growth of the national economic system as a whole. Within the agreements reached by the social partners, certainly worth of notice is the reaffirmation of the centrality and important function of the national collective bargaining agreements, the source of governance of employment contracts and guarantee of financial and regulatory conditions, as well as an instrument to stimulate an “upright development” of second-tier collective bargaining negotiations where pay increases will be closely connected to productivity, quality, efficiency, profitability and corporate innovation. Emphasis has also been placed on the enhancement of digitalization processes and on the forms of workers’ participation. The representation measurement of employers’ associations has also been introduced as an anti-dumping measure in order to avert the proliferation of “pirate” collective agreements, stipulated by unions with no representation power and setting out financial and regulatory conditions that can harm competition. In this context, the certifying and monitoring function of CNEL (National Council for Economy and Labour) is strengthened. The “Patto di Fabbrica” is certainly an important milestone in the industrial relations even if presently it is an economic policy platform made of good intentions which must be followed by concrete actions to ensure the desired growth.

The Data Protection Authority, on 26 March 2018, published on its official website a series of clarifications regarding the appointment and duties of the Data Protection Officer (“DPO”). In particular, the Authority listed all the persons obliged to appoint a DPO pursuant to Article 37 (1), b) and c) of Regulation (EU) 2016/679 and underlined that “in any case in the light of the principle of accountability inspiring the Regulation it is recommended to appoint a DPO even in instances of non-compulsoriness.” Otherwise, the Authority simply reiterated the provisions of the Regulation: (i) a group of undertakings may appoint a single data protection officer; (ii) the data protection officer may be a staff member of the controller or processor, or fulfil the tasks on the basis of a service contract (in this case, a public body can be appointed as DPO); (iii) the data protection officer may fulfil other tasks and duties. The controller or processor shall ensure that any such tasks and duties do not result in a conflict of interests; (iv) characteristics and requirements of the data protection officer. The publication of this document is the continuation of the coordination and interpretation activity that the Authority is carrying out, and therefore it will come as no surprise the fact that from today until 25 May other “interpretative” documents may be published (e.g., guidelines, FAQs) relating to other provisions of the Regulation.