Norwegian DPA issues fine to Cyberbook AS

Feb 10, 2021

Source: European Data Protection Board

The Norwegian Data Protection Authority has fined Cyberbook AS EUR 20 000 (NOK 200,000) for unlawfully setting up the automatic forwarding of a former employee’s e-mails.

The background for this case is a complaint filed by a former employee of Cyberbook. The person discovered that the company had activated automatic forwarding of their personal e-mail address at the company.

In violation of regulations

This forwarding remained active for several months without the former employee being informed of it.
After reviewing the matter, the Data Protection Authority finds that the forwarding is in violation of the national regulations concerning an employer’s access to e-mail inboxes and other electronic information.

Ordered to implement procedures

In addition, we find that the organization has violated the requirements of the General Data Protection Regulation concerning legal basis, informing the data subject and the obligation to consider the employee’s objections, as well as the provisions concerning erasure of personal data.

On this basis, the Data Protection Authority has ordered the organization to implement written procedures for access to the e-mail inboxes of employees and former employees, and issued a fine in the amount of EUR 20,000 for the unlawful forwarding.

Cyberbook has three weeks to appeal, from the date on which they received notice of our decision.

For further information, please contact the Norwegian DPA:

The press release published here does not constitute official EDPB communication, nor an EDPB endorsement. This press release was originally published by the national supervisory authority and was published here at the request of the SA for information purposes. As the press release is represented here as it appeared on the SA’s website or other channels of communication, the news item is only available in English or in the Member State’s official language with a short introduction in English. Any questions regarding this press release should be directed to the supervisory authority concerned.

Recent news

EDPB Launches Data Protection Guide for small business

The EDPB has launched a Data Protection Guide to help small business owners on their way to become more data protection compliant. The Guide aims to raise awareness about the GDPR and to provide practical information to SMEs about GDPR compliance in an accessible and...

read more

Europe Day 2023

Every year in early May we celebrate peace and unity in Europe through Europe Day, to commemorate the signing of the 'Schuman Declaration'. This year, on Saturday 6 May, the EU institutions invite you to a wide range of online and on-site activities across the EU...

read more
A look back at the Privacy Symposium 2023

A look back at the Privacy Symposium 2023

For the second time in a row, the EFDPO was one of the Key Partners of the Privacy Symposium in Venice – an international conference for data protection professionals and enthusiasts from around the world. Privacy Symposium aims to bring together data protection...

read more
Generated by Feedzy