A company has asked the Authority for the protection of personal data to ascertain – prior to the implementation of such a system –the lawfulness of:
“(…) retention of personal data due to the installation of a specific application ˗ containing a geographical localisation function ˗ on the employees’ smartphones, configured to effect the ‘clocking-in procedure and attendance register’ (…).
“Such an application, developed by (…) s.r.l., and configured in such a way as to permit access ˗ via authentication with a user ID and password ˗ to the employee, who “clicks on the ‘start’ icon to indicate the start of work and the ‘end’ one to indicate the end of the working day” (…).
“As specified in the technical report attached to the request ‘when the App is activated, it presents the worker with the name and surname that has been registered so as to confirm identity and informs him or her of the range of the clocking-in location […]. This information having been verified, the worker can choose when to effect the clock-in by selecting the appropriate button (start or end of activity). Only then does the App ask the smartphone for the geographical coordinates for its current location […] and it then transmits them to the clocking-in registration system […] along with the worker’s identifying code, on the act of clocking-in and at the time and on the date that this is done’ (see. attachment to the request.)”.
The system has been proposed as being “non-obligatory” (also because not all employees have a smartphone).
The Authority for the protection of personal data, in ruling no. 350 of 8 September 2016, ruled that the system was one that involves the retention of personal data of employees, and which allows the geographical location of a smartphone belonging to an employee to be revealed (and thus, indirectly, the geographical location of those same employees) via the activation of an application designed to register their presence at work.
The abovementioned considered such retention of data lawful, but ruled that the following specific provisions were required:
“a. The deletion of the data relating to the location of the worker once the association between the geographical coordinates of the workplace and the position of the worker has been established, and the retention only of that data relating to the workplace, date and time to which the clocking-in refers;
- The configuration of the system in such a way that an icon appears on the smartphone indicating that location finding is in progress;
- The adoption of specific measures aimed at ensuring that the application installed on the smartphone of an employee cannot retain extraneous data (e.g. data relating to telephone calls, messages, e-mail, or internet browsing or other)”.
The obligation to provide full information to employees (art. 13 of the Privacy Code and art. 4 of the Law of 20 May 1970, no. 300) is unaffected.