The Norwegian Data Protection Authority has fined an organization EUR 40 000 (NOK 400,000) for unlawfully setting up automatic forwarding of an employee’s e-mails.
The background for this case is a complaint from an employee who discovered that their employer had activated automatic forwarding of the employee’s inbox.
Lacks legal basis
This automatic forwarding was activated in connection with the employee’s sickness absence, and remained active for more than a month. After investigating the matter, the Data Protection Authority concludes that the forwarding was in violation of the national regulations concerning an employer’s access to e-mail inboxes and other electronic information, as well as the requirements of the General Data Protection Regulation concerning legal basis, informing the data subject and the obligation to consider the employee’s objections.
On this basis, the Data Protection Authority has ordered the organization to review its written procedures for access to e-mail inboxes and issued a fine in the amount of EUR 40 000 for the unlawful forwarding.
The name of the organization has been withheld from public access to protect the identity of the complainant. The organization has appealed the decision.
For further information, please contact the Norwegian DPA: firstname.lastname@example.org