“The use of personal data is not subject to the obligation to inform and obtain the prior consent of the data controller when personal data are collected and processed in the context of legal proceedings”. This is “provided that the data are inherent to the area of business and litigation that justifies their collection, that they are not used for purposes other than those of justice for which they were collected, and that the authorizing measure is in place”.
This has been stated by the Court of Cassation, decision no. 24797/2024 of 16 September 2024.
In detail, a few employees – each in the context of their own dispute over matters relating to their employment relationship – had submitted to the court a recording of a conversation that had taken place some years earlier between one of their colleagues and some executives of the employer company. The recording was made without the knowledge or permission of the participants. The executives involved claimed the matter to the data protection authority, which rejected the claim on the assumptions that the recording, and thus the related processing of personal data, had been carried out for purposes related to contesting charges in the context of the employment relationship. At this point, the executives appealed to the ordinary courts.
In addition to the well-established national case-law on the subject, the Supreme Court also refers to the Court of Justice (EU) which, in its judgment of 2 March 2023, C-268/21 – Norra Stockholm Bygg AB v Per Nycander AB, made it clear that “where personal data of third parties are used in a case, it is for the national court to weigh, in full knowledge of the facts and in accordance with the principle of proportionality the interests concerned” and “that assessment may, where appropriate, lead him to authorize the full or partial disclosure to the other party of the personal data thus disclosed to him if he considers that such disclosure does not go beyond what is necessary to ensure the effective enjoyment of the rights which individuals derive from Article 47 of the Charter”.
The Court of Cassation also remainds that “Articles 17 and 21 of the GDPR make it clear that, in the balancing of the interests involved, the right to defend oneself in court may be considered overriding over the rights of the data subject to the processing of personal data”.
With note no. 9326 of December, 9, 2024, the National Labour Inspectorate (i.e. “Ispettorato Nazionale del Lavoro” or “INL”) provided an overview of the new sanctions regime introduced by Article 27 of Italian Legislative Decree No. 81/2008, as amended by Italian Decree-Law 19/2024 (converted by Law 56/2024). This regime applies to all violations concerning the ....
In its ruling no. 2058 of January 29, 2025, the Italian Supreme Court confirmed the legitimacy of a just cause dismissal for an employee who had publicly defamed her superiors via social media. The case and the first-instance decision This case concerns an employee who was dismissed for just cause after posting defamatory statements on ....
With ruling no. 2618 of February 4, 2025, the Italian Supreme Court upheld the legitimacy of the dismissal for just cause of an employee who, while on parental leave, engaged in parallel employment, thus abusing this right. In the case in exam, during his parental leave, the employee had started a car-buying and selling businesswithout ....
On 20 February 2025, Decree-Law No. 6/2025, known as the ‘Decreto Milleproroghe’, was definitively approved by the Chamber of Deputies, which once again intervenes on fixed-term contracts, in particular on the reasons justifying such temporary employment relationships. The Decree extends until 31 December 2025 the possibility for private employers to enter into fixed-term contracts exceeding ....
