On 16 November 2017, the Italian Data Protection Authority (“Garante”) enjoined Poste Italiane S.p.A., the Italian national postal service, from using a system aimed to organise queues at the counter on the grounds that it was incompatible with data protection laws.

“Gestore Attese” (“Queue Manager”), as the system was called, displayed the employee’s name for everyone to see over the counter. Trade unions and employees of Poste Italiane S.p.A. filed complaints with the Garante claiming an infringement of privacy rights and labour regulations.

During the course of the subsequent inquiry, Poste Italiane argued that the system was meant to make the organization of the company transparent to the public and to improve customers’ relationships; it was not designed to monitor employees’ work and, as such, it did not infringe labour regulations.

The Italian DPA took a different view and found that the resulting processing of personal data was “in some respects, not compliant with data protection rules, with particular regard to the principle of lawfulness and the principle of proportionality”. The Garante also found that there was a lack of full disclosure of the processing, noting that the information notice provided by the company to trade unions did not meet the legal requirements and was “unsuitable for informing individually all the concerned data subjects about the personal data processing”.

The “Gestore Attese” system, the Garante considered, was not essential to the performance of the workers’ duties and as such had to be regarded as a tool indirectly allowing the remote monitoring of the employees’ work. The number of people having access to the information, the recording of data and the possibility to extract reports from the system were inconsistent with any organization, production or security reasons.

The Garante concluded that the relevant processing of personal data was unlawful and prohibited the further processing and any use of the information collected to date.