Norwegian DPA issues fine to Cyberbook AS

The background for this case is a complaint filed by a former employee of Cyberbook. The person discovered that the company had activated automatic forwarding of their personal e-mail address at the company.

In violation of regulations

This forwarding remained active for several months without the former employee being informed of it.

After reviewing the matter, the Data Protection Authority finds that the forwarding is in violation of the regulations concerning an employer’s access to e-mail inboxes and other electronic information.

Ordered to implement procedures

In addition, we find that the organization has violated the requirements of the General Data Protection Regulation concerning legal basis, informing the data subject and the obligation to consider the employee’s objections, as well as the provisions concerning erasure of personal data.

On this basis, the Data Protection Authority has ordered the organization to implement written procedures for access to the e-mail inboxes of employees and former employees, and issued a fine in the amount of EUR 20,000 for the unlawful forwarding.

Cyberbook has three weeks to appeal, from the date on which they received notice of our decision.