In the absence of correct information about the characteristics of the computer system, the Company cannot use the data collected.
This is specified (again) by the Italian Privacy Guarantor with its newsletter n. 477 of May 19, 2021.
In the case under analysis, the company had not properly informed the workers of the characteristics of the system.
The program involved entering an individual password on the workstation before starting the job.
This system, however, also collected disaggregated data and for purposes other than those communicated in the information.
The production data were thus attributable to identifiable workers.
The data of a single employee were used for other purposes (disciplinary case), not provided for in the information and not authorized.
Therefore, the Authority, deemed unlawful the processing carried out, ordered the Company to modify the information provided to the workers, indicating in detail all the characteristics of the system, and ordered to pay a fine of Euro 40 thousand.