The criminal sanctions applicable for direct or indirect violation of rules related to the COVID-19 emergency essentially relate to three areas:
- non-compliance with the requirements of the Prime Ministerial Decree 8, 9 and 11 March 2020,
- violation of health and safety regulations in the workplace (Legislative Decree 81/08),
- violation of the rules on the workplace remote control of employees in the case of remoteworking.
In the first case, the criminal provisions that can be challenged are the non-observance of the order of authority (art. 650 of the Italian Criminal Code) and the false attestation or declaration to a public official about the identity or personal qualities of one’s own or others (art. 495 of the Italian Criminal Code). In this regard, it is fundamental to remember that the burden of proof with respect to the commission of the crime is and remains with the judicial authorities. It follows that the self-declaration required by the emergency regulations does not also imply the obligation to preserve the “evidence” of its value of truth. If, therefore, the police operator who collects the self-declaration does not verify, in the immediacy, its truthfulness (and this regardless of the actual possibility of doing so), then the suspect cannot be required to provide evidence of what has been declared.
The second includes, for example, the crimes of culpable injury for failure to adopt prescriptions for the management of biological risk (and therefore: failure to adapt the DUVRI and consequent damage suffered by the worker). The main element that affects the employer’s criminal liability is first of all the “objective” element of whether or not it has adopted adequate measures with respect to the risk (including residual risk) to which the worker is exposed. The second element is the merit – i.e. the concrete effectiveness – of the measure prescribed by the person responsible for safety and prevention. Therefore, if, following an adequate motivation, the continuous monitoring of the state of health of the employees was prescribed in order to be able to protect their health in the first instance and (subsequently) make this data available to the health authority, one could not invoke – for example – a violation, at least criminal, of the regulations on the processing of personal data. There would be no malicious intent (in order to cause damage or profit) and even administrative sanctions on the matter would be difficult to establish, given the need, on the one hand, to protect health and, on the other, to comply with a prescription which, if breached, would imply a criminal penalty.
The third case is much more complex because the health emergency has forced the activation of remote working, not by choice of the employer but by obligation . or rather “suggestion – normative. This means that there was no time to organize to comply with the rules that – despite the exceptions – are fully in force, such as those on remote control. The question therefore arises as to the overriding effectiveness of the factual (but not voluntary) violation of Articles 4 and 4bis of the Workers’ Statute, and of those of the Personal Data Act. It would be unthinkable, in the face of the emergency adoption of mechanisms for telework, to contest the failure to review the policies for the processing of employees’ data or the adoption of further security measures. These activities require time but – above all – organizational and economic resources: a company with a few hundred employees should take weeks to equip them with company tools (PC, SIM, tablet and smartphone) or to configure employees’ equipments in case of a BYOD alternative. Let alone what (would) happens when the number of employees becomes much greater.
In short, therefore, the factual violation of criminal law in relation to the conduct adopted by companies in a state of emergency (declared by law) does not necessarily and automatically imply the responsibility of the employer, which must be ascertained on a case-by-case basis, and always by the proceeding authority.
Beware, however, because this is not a shortcut to violate the law with impunity, since any organizational choice must in any case be adequately motivated and justified, since it cannot be limited to claiming that a specific (non)choice was adopted “because of the virus”.