Nor­way: Fine of EUR 40,000 for for­war­ding employee e‑mails

The Nor­we­gi­an Data Pro­tec­tion Aut­ho­ri­ty has fined a com­pa­ny EUR 40,000 for unlawful­ly set­ting up auto­ma­tic for­war­ding of an employee’s e‑mails (cf. Media release). The employee had com­plai­ned about this to the super­vi­so­ry authority.

The for­war­ding was set up in con­nec­tion with an absence of the employee due to ill­ness and was acti­ve for more than one month. The data pro­tec­tion aut­ho­ri­ty came to the con­clu­si­on that the for­war­ding vio­la­ted pro­vi­si­ons of Nor­we­gi­an law on the employer’s access to e‑mail inbo­xes and the GDPR, the lat­ter with regard to the legal basis and infor­ma­ti­on of the data sub­ject, among other things. Howe­ver, as far as can be seen, no fun­da­men­tal inad­mis­si­bi­li­ty of the e‑mail for­war­ding was established.

Car­lo Piltz has writ­ten a short com­ment on this decis­i­on (Lin­ke­dIn, in English).