Norwegian DPA issues fine for forwarding e-mail

Feb 10, 2021

Source: European Data Protection Board

The Norwegian Data Protection Authority has fined an organization EUR 40 000 (NOK 400,000) for unlawfully setting up automatic forwarding of an employee’s e-mails.

The background for this case is a complaint from an employee who discovered that their employer had activated automatic forwarding of the employee’s inbox.

Lacks legal basis

This automatic forwarding was activated in connection with the employee’s sickness absence, and remained active for more than a month. After investigating the matter, the Data Protection Authority concludes that the forwarding was in violation of the national regulations concerning an employer’s access to e-mail inboxes and other electronic information, as well as the requirements of the General Data Protection Regulation concerning legal basis, informing the data subject and the obligation to consider the employee’s objections.

On this basis, the Data Protection Authority has ordered the organization to review its written procedures for access to e-mail inboxes and issued a fine in the amount of EUR 40 000 for the unlawful forwarding.

The name of the organization has been withheld from public access to protect the identity of the complainant. The organization has appealed the decision.

For further information, please contact the Norwegian DPA: international@datatilsynet.no

The press release published here does not constitute official EDPB communication, nor an EDPB endorsement. This press release was originally published by the national supervisory authority and was published here at the request of the SA for information purposes. As the press release is represented here as it appeared on the SA’s website or other channels of communication, the news item is only available in English or in the Member State’s official language with a short introduction in English. Any questions regarding this press release should be directed to the supervisory authority concerned.

Recent news

Norwegian DPA issues fine to Aquateknikk AS

The Norwegian Data Protection Authority has fined Aquateknikk AS EUR 10,000 (NOK 100,000) for having performed a credit rating on a private individual without legal basis. This case came in response to a complaint from a person who discovered that Aquateknikk had...

read more

Swedish DPA: Police unlawfully used facial recognition app

The Swedish Authority for Privacy Protection finds that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using Clearview AI to identify individuals. Upon news in the media of the Swedish Police Authority using...

read more