Norwegian Data Protection Authority issues fine on an organisation for unlawfully setting up automatic forwarding of an employee’s e-mails

The Norwegian Data Protection Authority has fined an organization EUR 40 000 (NOK 400,000) for unlawfully setting up automatic forwarding of an employee’s e-mails.

In the present case, an employee filed a complaint after discovering that the employer had activated automatic forwarding of the employee’s inbox. The automatic forwarding was activated in connection with the employee’s sickness absence, and remained active for more than a month.

After investigating the matter, the Data Protection Authority concludes that the forwarding was in violation of the national regulations concerning an employer’s access to e-mail inboxes and other electronic information, as well as the requirements of the General Data Protection Regulation concerning legal basis, informing the data subject and the obligation to consider the employee’s objections.

Hence, the Data Protection Authority ordered the organization to review its written procedures for access to e-mail inboxes and issued a fine in the amount of EUR 40 000 for the unlawful forwarding.

Join the discussion

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.