The Norwegian Data Protection Authority has fined an organization EUR 40 000 (NOK 400,000) for unlawfully setting up automatic forwarding of an employee’s e-mails.
The background for this case is a complaint from an employee who discovered that their employer had activated automatic forwarding of the employee’s inbox.
Lacks legal basis
This automatic forwarding was activated in connection with the employee’s sickness absence, and remained active for more than a month. After investigating the matter, the Data Protection Authority concludes that the forwarding was in violation of the national regulations concerning an employer’s access to e-mail inboxes and other electronic information, as well as the requirements of the General Data Protection Regulation concerning legal basis, informing the data subject and the obligation to consider the employee’s objections.
On this basis, the Data Protection Authority has ordered the organization to review its written procedures for access to e-mail inboxes and issued a fine in the amount of EUR 40 000 for the unlawful forwarding.
The name of the organization has been withheld from public access to protect the identity of the complainant. The organization has appealed the decision.
For further information, please contact the Norwegian DPA: firstname.lastname@example.org
The press release published here does not constitute official EDPB communication, nor an EDPB endorsement. This press release was originally published by the national supervisory authority and was published here at the request of the SA for information purposes. As the press release is represented here as it appeared on the SA's website or other channels of communication, the news item is only available in English or in the Member State's official language with a short introduction in English. Any questions regarding this press release should be directed to the supervisory authority concerned.