The Spanish Data Protection Authority (i.e. “AEPD”) initiated sanction proceedings against a Spanish company belonging to an international group, following a complaint filed by a former employee.
The employee alleged that the company had added her personal mobile phone number to a corporate WhatsApp group, without her consent, for work-related purposes while waiting to receive a company phone – which she never actually received. Before taking a holiday, the employee had expressly notified the company by email that she would stop using her private number for work matters and had left the corporate WhatsApp group. However, only a few days later, her number was added again to a company group chat. The company argued that the inclusion was temporary, pending delivery of the business phone, and that WhatsApp groups were used solely for internal work communications among employees.
The AEPD, however, found that the use of the employee’s personal number without consent violated Article 6, paragraph 1, of the GDPR, which requires a lawful basis for any processing of personal data.
The Spanish Authority recalled that a personal mobile phone number is a personal data item, and that its use to include an employee in a corporate messaging group constitutes data processing which must rely on one of the legal bases set out in Article 6, paragraph 1, of the GDPR.
In the case under review, there was no consent from the data subject, nor any contractual necessity or other legitimate ground for processing. Moreover, the Spanish Authority stated that the existence of an internal company policy on the use of mobile devices does not exempt the employer from the obligation to establish a proper legal basis for processing.
The company was therefore fined €70,000, reduced to €42,000 after it acknowledged the violation and opted to pay the reduced amount. The AEPD also ordered the company to adopt corrective measures to ensure future compliance with the GDPR.
BYOD (Bring Your Own Device) policies are corporate rules governing the use of personal devices – such as smartphones, laptops, or tablets – for work-related purposes.
In practice, a BYOD policy sets out how employees may use their personal devices to access corporate data, emails, or applications, and defines the relevant security measures.
It is always preferable for companies to provide corporate devices and maintain a clear separation between personal and business tools. However, if the employer decides to allow employees to use personal devices for business purposes, a documented internal policy should be adopted, regulating:
Other related insights:
With Order No. 27253 of October 12, 2025, the Italian Court of Cassation (Labour Section) reaffirmed that the remuneration to be paid to employees during their holiday period must be equivalent to that received during ordinary working periods. In other words, the employer must also include allowances related to the duties performed if these constitute a stable and continuous component of remuneration.
The case concerned an employee of a well-known Italian railway company who worked as a train manager. During his holidays, the company had excluded from his payslip several items such as the on-board allowance, the out-of-district service allowance, the efficiency allowance, and commissions. The employee therefore claimed payment of the pay differences, arguing that these sums formed an integral part of his normal remuneration and should therefore have been duly paid during holidays.
The Court of Appeal of Milan upheld the employee’s claims, recognising that these allowances were closely linked to the duties performed and that their exclusion resulted in an unjustified reduction of salary during holidays—one that could discourage the employee from fully enjoying his rest period. According to the appellate judges, excluding such items led to an unjustified reduction of pay during the holiday period, in breach of the European principle of pay equivalence and potentially capable of deterring employees from exercising their right to annual leave.
The Court of Cassation confirmed this decision, referring to EU Directive 2003/88/EC and the case law of the Court of Justice of the European Union, which establish that the right to paid annual leave is a fundamental principle of European social law. Therefore, during the rest period, the employee must receive “ordinary” pay, including all elements that are stably connected to the performance of work.
The Supreme Court also clarified that a reduced salary during holidays may constitute an “economic deterrent”, inducing employees to forgo their right to rest. For this reason, any pay component reflecting the usual conditions of work—such as mobility allowances, commissions, or compensation for specific inconveniences—must also be included during the holiday period.
With judgment no. 26956 of October 7, 2025, the Italian Supreme Court – Labor Division – confirmed the legitimacy of an employee’s dismissal for exceeding the statutory sick leave period (i.e. “periodo di comport”, the maximum period of protected absence due to illness), reiterating that it is not sufficient for the worker to suffer from a serious illness; the condition must also be formally communicated to the employer through appropriate medical certification.
In the case at hand, the employee had been dismissed for exceeding the limit of 245 days of absence provided by Article 63 of the Italian National Collective Bargaining Agreement (i.e. “CCNL”) for the Logistics, Freight Transport and Shipping sector. The worker challenged the dismissal before the Court of First Instance, arguing that his absences – due to a condition requiring dialysis treatment – should be excluded from the calculation, as they fell within the scope of “particularly serious illnesses” referred to in paragraph 8 of the same article.
The lower court upheld the employee’s claim. However, the Court of Appeal of Ancona, overturning the first-instance decision, held that the contractual clause in Article 63, paragraph. 8, of the NCBA Logistics must be interpreted restrictively, limiting its application only to cases of illnesses requiring formally certified life-saving therapies.
The Italian Supreme Court confirmed this approach, clarifying that the exclusion of absences from the sick leave period constitutes an exception to the general rule and therefore requires strict compliance with the employee’s duty to provide formal notification.
In this case, although the employee had informally informed his supervisor of his medical condition via WhatsApp messages, the medical certificates submitted to the company did not include the box ticked for “serious illness requiring life-saving treatment.” According to the Court, this omission prevented the application of the favorable clause provided under the NCBA.
The Supreme Court further clarified that dialysis therapy indeed qualifies, in abstract terms, as a life-saving treatment. However, the decisive factor was the employee’s failure to fulfill the formal communication requirement. In line with the principles of legal certainty and the formal nature of acts affecting the employment relationship, informal communications – even if timely – cannot serve as proof or substitute for the required medical-legal documentation.
In conclusion, mere employer awareness of the employee’s illness, acquired through informal channels, is not sufficient to justify the exclusion of absences from the sick leave period unless accompanied by explicit and properly issued medical certification in accordance with the applicable procedures.
Other related Insights:
With order no. 27132 of October 9, 2025, the Italian Supreme Court – Labor Division – ruled that a company receiving a “single inspection and notification report” (i.e “verbale unico di accertamento e notificazione”) issued by the Italian Labor Inspectorate has a legitimate interest in bringing an action to annul it, even in the absence of subsequent measures by the Italian National Social Security Institute (i.e. “INPS”), whenever the report contains findings that may lead to social security contribution recoveries.
A company challenged before the Court of first instance of Florence an inspection report issued following checks carried out at one of its construction sites, arguing that the report caused concrete prejudice, particularly concerning its contribution status with the INPS. The first instance Court dismissed the claim as inadmissible for lack of standing, holding that the report had no immediate adverse effects.
The company appealed, but the Court of Appeal upheld the lower court’s decision. According to the appellate judges, the Labor Inspectorate’s report merely recorded the alleged violations and forwarded the file to the competent bodies, without creating any concrete contribution obligation: only a subsequent measure by the INPS could have generated an actual and concrete interest in judicial review.
The Supreme Court upheld the company’s appeal, quashed the appellate decision, and remanded the case to the Court of Florence for a new examination. According to the Court, the “single inspection and notification report” cannot be regarded as a neutral act or one without legal effects, as it establishes violations that may lead to contribution recoveries by social security bodies.
Consequently, the employer faces a concrete risk of losing contribution compliance status and, as a result, being unable to obtain the DURC (i.e. “Documento Unico di Regolarità Contributiva”, i.e. the certificate of social security compliance) or to participate in public tenders.
The Court clarified that this reasoning differs from that followed in administrative sanction matters, where the standing to act arises only upon the issuance of the injunction order. In the field of social security, however, Article 24, paragraph 3, of Legislative Decree no. 46/1999 expressly recognizes the admissibility of a negative declaratory action against a report containing a contribution claim.
Denying such standing would violate Article 100 of the Italian Code of Civil Procedure and Article 24 of the Italian Constitution, as it would prevent judicial protection against an act capable of producing adverse legal consequences.
Accordingly, the Supreme Court held that whenever an inspection report contains findings capable of leading to contribution recoveries, the recipient has a legitimate interest in bringing a negative declaratory action to remove uncertainty regarding the existence and the actual nature of the employment relationship. Such interest is concrete because it serves to prevent the suspension of the right to obtain the DURC and, ultimately, to avoid the emergence of contribution obligations that the employer would subsequently be required to meet.
With order no. 24991 of September 11, 2025, the Italian Supreme Court ruled that the rules governing electronic resignations and the related right of revocation, set out in Article 26 of Legislative Decree no. 151/2015, also apply where the resignation and the subsequent revocation occur during the probationary period (i.e. “patto di prova”).
The dispute arose from an employment relationship established on September 4, 2019, which included a probationary period clause. The following day, September 5, 2019, the employee submitted his resignation, only to revoke it on September 12, 2019, within the seven-day time limit provided by law. The employer, however, did not consider the revocation effective.
The employee therefore brought the matter before the Labor Court, which upheld the claim, declared the revocation valid, and ordered the company to reinstate the worker so that the probationary period could be completed.
The decision was confirmed by the Court of Appeal, seized by the employer.
The judges of merit based their ruling on the wording of Article 26 of Legislative Decree no. 151/2015, which regulates electronic resignations. They observed that the law expressly excludes its application only to certain categories of employment (domestic work, employment in public administrations) or to particular procedures (resignations formalized before labor authorities), without mentioning the probationary period. The Court of Appeal also considered irrelevant Ministry of Labor Circular no. 12/2016, which had suggested the exclusion of resignations during probation from the electronic procedure, qualifying it as an internal administrative act with no binding legal force for the judiciary, since it introduced a derogation not provided for by primary legislation. The company appealed to the Supreme Court.
The Supreme Court, with the order under review, dismissed the employer’s appeal, fully confirming the decision of the lower courts and providing important clarification on the scope of the electronic resignation procedure.
First, the Court addressed the applicability of Article 26 of Legislative Decree No. 151/2015 to resignations during probation. It reiterated that the exceptions provided for in paragraphs 7 and 8-bis of the law are exhaustive and must be strictly interpreted. Since the probationary period is not included among them, the general rule, including the right of revocation within seven days, must be regarded as fully applicable. The Court also rejected the employer’s reliance on the ministerial circular, stressing the non-binding nature of such acts for the judiciary and specifying that, in this case, the circular went beyond mere interpretation, attempting to alter the legislative text.
The Court further emphasized the different ratio of the two institutions: the probationary period aims to protect the parties’ common interest in testing the employment relationship, while Article 26 of Legislative Decree No. 151/2015 seeks to combat the phenomenon of so-called “blank resignations” (i.e. “dimissioni in bianco”, undated resignation letters unlawfully pre-signed by employees at the time of hiring) and to ensure the authenticity of the worker’s will. According to the Court, these purposes do not conflict but operate on distinct levels.
Second, the Supreme Court rejected the employer’s argument regarding the consequences of revocation. The company argued that even if the revocation were effective, the worker would only be entitled to damages, not reinstatement, given the free terminability of the employment relationship during probation under Article 2096 of the Italian Civil Code.
The Court refuted this argument, noting that the case law limiting remedies to damages applies only to cases of unlawful termination by the employer during probation. In this case, instead, the issue concerned the employee’s resignation, which was rendered null and void ex tunc by a timely and valid revocation. The revocation, exercised within the statutory period, removes the resignation from the legal sphere, as if it had never been made. As a result, the employment relationship was never interrupted. The company’s order to reinstate the worker for completion of the probationary period was therefore confirmed by the Supreme Court, without prejudice to the right of either party to terminate during probation once it has lasted long enough.
