Imagine this: you’re the HR manager at a medium-sized cleaning company in Milan. 42 staff members, 18 sites, three shifts a day. Up until now, the teams have been reporting their attendance by phone to the operations centre, with the usual gaps and disputes at the end of the month.
Your Managing Director proposes an app with geofencing: staff automatically clock in when they enter a client’s premises, and clock out when they leave. Clean, precise and reliable for invoicing. It seems like the ideal solution. But is it actually legal in Italy?
The short answer is: yes, but only under specific conditions set out jointly by Italian labour law and the GDPR. Anyone who ignores these conditions risks not only administrative penalties from the Data Protection Authority, but also trade union disputes, legal challenges to dismissals and reputational damage – precisely in sectors where staff are already in short supply.
Geofencing at work: legal certainty and greater productivity
GeoTapp Flow integrates geofencing that complies with the Workers’ Statute, with finely adjustable privacy settings. Activation within 24 hours, trade union agreement template included.
Geofencing: what the technology actually does
A geofence is a virtual geographical perimeter around a physical location, typically a client’s building, a construction site or a site requiring cleaning. The worker’s app automatically detects when the device enters or leaves the perimeter and triggers an action: clocking in, a push notification, or automatic time recording.
What technically appears to be a simple GPS technology has significant legal implications, because the worker is continuously and imperceptibly monitored, even if the actual tracking only takes place at a few points. The legal assessment is not based on the quantity of data, but on the inherent possibility of surveillance.
Article 4 of the Workers’ Statute: the law that sets the rule in Italy
Article 4 of the Workers’ Statute (Law 300/1970, reformed by the Jobs Act in 2015) is the essential starting point. It stipulates that audiovisual equipment and other devices which also enable the remote monitoring of workers’ activities may be used exclusively for organisational, production, safety or company asset protection purposes.
In practical terms: geofencing falls squarely within the scope of this provision. Its installation requires either a collective agreement with the RSU/RSA trade union representatives, or prior authorisation from the Territorial Labour Inspectorate. Without one of these, the use of the data collected cannot be enforced against the worker: it cannot be used in court, it cannot be used for disciplinary measures, and it cannot be used to justify dismissal.
Paragraph 3 of the same Article 4 clarifies that employees must be provided with adequate information on how the tools are used and how monitoring is carried out, and that this must be done in accordance with the provisions of the Data Protection Code. In other words: the Companies Act and the GDPR apply cumulatively, not alternatively.
GDPR Articles 6 and 9: the European rules
Location data constitutes personal data within the meaning of Article 4(1) of the GDPR. Its processing requires a legal basis. In employment relationships, Article 6(1)(b) (performance of a contract) or Article 6(1)(f) (legitimate interests) apply in particular, both supplemented by Article 88 of the GDPR and Italian legislation (Statute, Privacy Code Articles 113–114).
Please note: geofencing data must never be used to create a permanent movement profile. The Data Protection Authority has ruled on several occasions that recording the ‘time of clocking in’ is permissible, but storing the ‘route between two clock-ins’ is not, without a separate legal basis.






