Geofencing in the workplace: the Workers’ Statute and the GDPR in Italy 2026
Field Service

Geofencing in the workplace: the Workers’ Statute and the GDPR in Italy 2026

May 14, 2026 · 6 min

Imagine this: you’re the HR manager at a medium-sized cleaning company in Milan. 42 staff members, 18 sites, three shifts a day. Up until now, the teams have been reporting their attendance by phone to the operations centre, with the usual gaps and disputes at the end of the month.

Your Managing Director proposes an app with geofencing: staff automatically clock in when they enter a client’s premises, and clock out when they leave. Clean, precise and reliable for invoicing. It seems like the ideal solution. But is it actually legal in Italy?

The short answer is: yes, but only under specific conditions set out jointly by Italian labour law and the GDPR. Anyone who ignores these conditions risks not only administrative penalties from the Data Protection Authority, but also trade union disputes, legal challenges to dismissals and reputational damage – precisely in sectors where staff are already in short supply.

GeoTapp Flow integrates geofencing that complies with the Workers’ Statute, with finely adjustable privacy settings. Activation within 24 hours, trade union agreement template included.

14-day free trial, no credit card required

Geofencing: what the technology actually does

A geofence is a virtual geographical perimeter around a physical location, typically a client’s building, a construction site or a site requiring cleaning. The worker’s app automatically detects when the device enters or leaves the perimeter and triggers an action: clocking in, a push notification, or automatic time recording.

What technically appears to be a simple GPS technology has significant legal implications, because the worker is continuously and imperceptibly monitored, even if the actual tracking only takes place at a few points. The legal assessment is not based on the quantity of data, but on the inherent possibility of surveillance.

Article 4 of the Workers’ Statute: the law that sets the rule in Italy

Article 4 of the Workers’ Statute (Law 300/1970, reformed by the Jobs Act in 2015) is the essential starting point. It stipulates that audiovisual equipment and other devices which also enable the remote monitoring of workers’ activities may be used exclusively for organisational, production, safety or company asset protection purposes.

In practical terms: geofencing falls squarely within the scope of this provision. Its installation requires either a collective agreement with the RSU/RSA trade union representatives, or prior authorisation from the Territorial Labour Inspectorate. Without one of these, the use of the data collected cannot be enforced against the worker: it cannot be used in court, it cannot be used for disciplinary measures, and it cannot be used to justify dismissal.

Paragraph 3 of the same Article 4 clarifies that employees must be provided with adequate information on how the tools are used and how monitoring is carried out, and that this must be done in accordance with the provisions of the Data Protection Code. In other words: the Companies Act and the GDPR apply cumulatively, not alternatively.

GDPR Articles 6 and 9: the European rules

Location data constitutes personal data within the meaning of Article 4(1) of the GDPR. Its processing requires a legal basis. In employment relationships, Article 6(1)(b) (performance of a contract) or Article 6(1)(f) (legitimate interests) apply in particular, both supplemented by Article 88 of the GDPR and Italian legislation (Statute, Privacy Code Articles 113–114).

Please note: geofencing data must never be used to create a permanent movement profile. The Data Protection Authority has ruled on several occasions that recording the ‘time of clocking in’ is permissible, but storing the ‘route between two clock-ins’ is not, without a separate legal basis.

Try GeoTapp free for 14 days

No credit card required. Get started in 2 minutes.

Start free trial

If special categories of data are involved – because geolocation can reveal the frequency of medical appointments, trade union activities or sexual orientation – Article 9 of the GDPR also applies, with even stricter requirements.

Trade union consultation and the CSE: the role of employee representatives

If there are RSU or RSA bodies within the company, the collective agreement is the preferred route provided for under Article 4 of the Statute. In the absence of an agreement, authorisation must be sought from the Territorial Labour Inspectorate. The Inspectorate may refuse authorisation or grant it subject to conditions. Operating the system without one of these two ‘authorisations’ is simply unlawful.

The practical solution: a trade union agreement setting out the rules. The Data Protection Authority and the Inspectorate regard documented trade union agreements as a strong indicator of compliance. The following must be regulated: scope of data collection, retention period, access authorisations, purposes of use, and penalties in the event of misuse.

Practical use cases

Cleaning companies: geofences around each site/client. Automatic clocking in and out. Log retention: 90 days (typical duration of invoicing and dispute periods). No recording of the route between two sites.

Construction sites: multiple geofences per site, aligned with work areas. Safeguards: break areas explicitly excluded, private vehicles not tracked, weekends not monitored.

Outdoor technicians: geofences around client premises. Tracking begins at the start of the job and stops upon completion. The operations centre can only view the current location whilst jobs are in progress.

What to avoid at all costs

Introducing the system without informing the worker. Tracking outside working hours. Retaining data ‘as a precaution’ for longer than necessary. Access by parties not authorised for the intended purpose. Combining geofence data with other movement or performance data to profile the worker’s personality.

Each of these points constitutes a separate breach of the GDPR, and taken together, a five-figure administrative fine is likely, in addition to trade union and legal consequences.

Conclusion

Geofencing in Italy in 2026 is a legitimate and effective tool for attendance monitoring, provided it is implemented in accordance with the law. The requirements are clear: trade union agreement (or DTL authorisation), notification to the employee, data minimisation, restriction to working hours, short retention periods, and technical protection measures. Those who comply with these points have a tool that boosts productivity without risk. Those who ignore them are creating a ticking time bomb.

Think about the next collective agreement with consent, prior information and a geofence that only activates within the work area.

Align geofencing and the Articles of Association with a proper contract. Fourteen days, paperless.

No credit card required; up and running in 2 minutes.

Start your trial

Get articles like this in your inbox

Practical insights on GPS tracking, field operations and GDPR. No spam, just useful content.

Comments

No comments yet. Be the first.

Leave a comment

Try GeoTapp free for 14 days

No credit card required. Get started in 2 minutes.

Start now

© 2026 GeoTapp — original content. You may quote it and reuse parts with a link to this page. Full republication or commercial use only with our permission.