“The use of personal data is not subject to the obligation to inform and obtain the prior consent of the data controller when personal data are collected and processed in the context of legal proceedings”. This is “provided that the data are inherent to the area of business and litigation that justifies their collection, that they are not used for purposes other than those of justice for which they were collected, and that the authorizing measure is in place”.
This has been stated by the Court of Cassation, decision no. 24797/2024 of 16 September 2024.
In detail, a few employees – each in the context of their own dispute over matters relating to their employment relationship – had submitted to the court a recording of a conversation that had taken place some years earlier between one of their colleagues and some executives of the employer company. The recording was made without the knowledge or permission of the participants. The executives involved claimed the matter to the data protection authority, which rejected the claim on the assumptions that the recording, and thus the related processing of personal data, had been carried out for purposes related to contesting charges in the context of the employment relationship. At this point, the executives appealed to the ordinary courts.
In addition to the well-established national case-law on the subject, the Supreme Court also refers to the Court of Justice (EU) which, in its judgment of 2 March 2023, C-268/21 – Norra Stockholm Bygg AB v Per Nycander AB, made it clear that “where personal data of third parties are used in a case, it is for the national court to weigh, in full knowledge of the facts and in accordance with the principle of proportionality the interests concerned” and “that assessment may, where appropriate, lead him to authorize the full or partial disclosure to the other party of the personal data thus disclosed to him if he considers that such disclosure does not go beyond what is necessary to ensure the effective enjoyment of the rights which individuals derive from Article 47 of the Charter”.
The Court of Cassation also remainds that “Articles 17 and 21 of the GDPR make it clear that, in the balancing of the interests involved, the right to defend oneself in court may be considered overriding over the rights of the data subject to the processing of personal data”.
AI in companies entails risks related to data security and the protection of know-how. Organizations need appropriate policies to ensure ethical and compliant use. If an employee uses artificial intelligence systems – often generative – to carry out his or her work activities, he or she may, more or less consciously, share company know-how and ....
As recent news events have shown, even the fashion sector has not been spared the growing attention of the authorities (labour, tax and criminal) towards the world of service contracts. The particular interest in such cases is rooted in the frequent use by Italian companies of third-party service providers that, in fact, with a not ....
The negative implications of criminally unlawful acts on the proper execution of work performance, in compliance with the employee’s obligations, constitute just cause for dismissal. The Supreme Court, in ruling no. 31866 of December 11, 2024, established that unlawful conduct outside the workplace may have disciplinary relevance, as the employee is not only required to ....
With note no. 9326 of December, 9, 2024, the National Labour Inspectorate (i.e. “Ispettorato Nazionale del Lavoro” or “INL”) provided an overview of the new sanctions regime introduced by Article 27 of Italian Legislative Decree No. 81/2008, as amended by Italian Decree-Law 19/2024 (converted by Law 56/2024). This regime applies to all violations concerning the ....
