Fined for illegal forwarding of e-mail
A business has been fined EUR 25,000 (NOK 250,000) for illegal forwarding of an employee's e-mails. The name of the business has been withheld from public disclosure to protect the identities of its employees.
A business has been fined EUR 25,000 (NOK 250,000) for illegal forwarding of an employee's e-mails. The name of the business has been withheld from public disclosure to protect the identities of its employees.
The background to the case is a complaint filed by someone who found that their employer started automatically forwarding e-mails.
The employer asked the employee to set automatic forwarding from their e-mail account to a shared company e-mail account. This was supposed to be for operational reasons.
Having investigated the matter, the Norwegian Data Protection Authority concluded that the business lacked a legal basis for the forwarding of e-mails. This has taken place in violation of the regulations relating to the employer’s access to e-mail accounts and other electronic material, in addition to the requirement for legal basis under the GDPR.
Nor had the business drawn up procedures for access to e-mails. The Data Protection Authority pointed out that an improvement in the procedures could prevent future instances of unlawful access.
On this basis, the Data Protection Authority has ordered the business to improve its internal control procedures and guidelines for access to employee e-mails. In addition, the business has been ordered to pay NOK 250,000 for having monitored the complainant's e-mail account without legal basis.