The Norwegian Data Protection Authority (NDPA) has fined an employer €40,000 for unlawfully setting up automatic forwarding of an employee’s emails. The case will be of interest to Irish employers as it could be a persuasive decision if an employee made a similar claim in this jurisdiction.
The case involved a complaint by an employee who discovered that their employer had activated automatic forwarding of their inbox. The employee had been absent through illness for more than a month. they were unaware Upon their return that the employer had activated the email forwarding during that time.
Guide: Employer GDPR compliance in focus
Lack of legal basis as required under GDPR
This case was investigated by the NDPA. They concluded that the forwarding was in violation of both national regulations concerning an employer’s access to email inboxes and the requirements of the General Data Protection Regulation (GDPR) concerning:
- Legal basis.
- Informing/notifying the employee/data subject.
- The obligation to consider the employee’s objections.
The NDPA ordered the employer to review its written procedures governing access to e-mail inboxes. The employer was also issued a fine of €40,000, a decision they have appealed.
Monitoring staff emails
This Norwegian decision is particularly relevant to Irish employers who have more and more staff working from home.
You may think your business would benefit from monitoring employee emails. If so, you must first ensure that your proposal complies with GDPR principles.
Some questions you need to ask include:
- Have you a legal basis for monitoring employee emails?
- Is the proposed monitoring a proportional and reasonable response to the concerns you have around employee email use?
- Are your staff on notice that an email monitoring system is proposed or in place?
Need our help with your HR issues?
Call our 24/7 helpline for instant advice on any HR issue you’re having. To speak to an expert now, call 0818 923 923.
