With provision no. 342 of 14 May 2026, the Italian Data Protection Authority (Garante della Privacy) ruled on the use of a plug-in system developed by a start-up with a preventive medicine approach.
Specifically, it:
- enables so-called sentiment analysis of messages exchanged by employees during work to monitor levels of psychological stress;
- can be purchased by organizations and companies to allow their employees to use it;
- provides the purchasing organizations and companies with the option to request from the developer start-up an aggregated report on the level of psychological stress calculated by the system in relation to their employees who have used it.
According to the Authority, pursuant to the relevant norms (primarily Article 113 of the Privacy Code and the EU Regulation on Artificial Intelligence), employers are prohibited from accessing information regarding employees’ emotional well-being in the workplace – including their overall well-being and psychological stress – regardless of the purpose, so including when it is prevention.
This reasoning led the Data Protection Authority to warn the startup that the plug-in it was marketing was likely to violate provisions protecting workers’ personal data and dignity, even though the analysis of its use did not reveal any occurred violations. Therefore, the Authority emphasized the need to ensure the adoption of measures aimed at preventing any form of disclosure – even indirect – to the employer of the data collected through the digital mechanism at stake.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
[View Source]