Your Subscription

We would like to ensure that you are still receiving content that you find useful – please confirm that you would like to continue to receive ILO newsletters.





Login
Twitter LinkedIn




Login
  • Home
  • About
  • Updates
  • Awards
  • Contact
  • Directory
  • OnDemand
  • Partners
  • Testimonials
Forward Share Print
Norrbom Vinding

Access to work emails: can a request to access data be too extensive?

Newsletters

09 September 2020

Employment & Immigration Denmark

Facts
Work emails primarily describe a function
Request was too extensive
Comment


Under the EU General Data Protection Regulation (GDPR), data controllers must provide data subjects with access to all of the personal data that the data controller processes about them if the data subject requests it. However, data controllers may refuse to act on such a request if, for example, the scope of the request for access is too excessive.

Facts

In a recent case, the Data Protection Agency considered whether an employer was entitled to refuse to provide access to all of the contents of a former employee's work email account. The former employee asked to see all of the emails sent or received via his work email account as well as all other emails sent in the workplace about him.

The employer provided the former employee with his personnel file, email correspondence which contained personal information about him and other material which contained personal information. However, the employer refused to provide access to emails from the former employee's closed work email account. The employer referred to, among other things, the fact that emails sent in connection with the performance of the job were not in themselves personal data.

The former employee was unsatisfied with this and filed a complaint to the Data Protection Agency.

Work emails primarily describe a function

The Data Protection Agency stated that it is possible for employers to refuse to allow an employee, or a former employee, to see letters, emails and similar signed or sent by the person on the grounds that the request for access is too far-reaching, especially if it involves a lot of information. This is because personal information in, for example, work-related emails first and foremost relates to an employee's function in their position with their employer. However, there may be exceptions to this starting point (eg, if emails sent contain personal information about the employee over and above material relating solely to the performance of their work functions).

Request was too extensive

Based on the nature of personal information in work emails, the Data Protection Agency found that the employer in this case was entitled to reject its former employee's request to access emails from his work email account because the request was too extensive. The Data Protection Agency also emphasised that work email accounts do not constitute an IT system intended to process information about employees.

Further, the Data Protection Agency emphasised that the employer gave the former employee access to other personal information held about him, apart from information which could potentially be in his closed work email account, just as emphasis was placed on the employer entering into a dialogue with the former employee on how the employer could comply with the request in another way.

Comment

The decision is an example of the extent of employees' and former employees' right to access personal data held by an employer under the GDPR.

With this decision, the Data Protection Agency has established that former employees do not typically have the right to view the contents of their work email account or receive a copy thereof, as there will usually be a large amount of information in this account, meaning that a request of this nature would be too extensive.

However, employers cannot generally disregard work emails, as there may be cases where they are aware that work emails contain personal data other than that necessary for the performance of the role (eg, if a purely personal opinion is expressed (as opposed to a professional assessment)).

For further information on this topic please contact Søren Terp Kristophersen at Norrbom Vinding by telephone (+43 35 25 3940) or email (stk@norrbomvinding.com). The Norrbom Vinding website can be accessed at norrbomvinding.com.

The materials contained on this website are for general information purposes only and are subject to the disclaimer.

ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.

Forward Share Print

Author

Søren Terp Kristophersen

Søren Terp Kristophersen

Register now for your free newsletter

View recent newsletter

More from this firm

  • Amendment to Posting of Workers Act enters into force
  • New executive order on psychological working environment
  • Employees' duty to provide information on inventions
  • Legislative programme for 2020/2021 parliamentary year: impact on employment law
  • COVID-19 – extended sickness benefits for employees at special risk

More articles

  • Home
  • About
  • Updates
  • Awards
  • Contact
  • My account
  • Directory
  • OnDemand
  • Partners
  • Testimonials
  • Follow on Twitter
  • Follow on LinkedIn
  • Disclaimer
  • Privacy policy
  • GDPR Compliance
  • Terms
  • Cookie policy
Online Media Partners
Inter-Pacific Bar Association (IPBA) International Bar Association (IBA) European Company Lawyers Association (ECLA) Association of Corporate Counsel (ACC) American Bar Association Section of International Law (ABA)

© 1997-2021 Law Business Research

You need to be logged in to make a comment. Log in here.
Many thanks. Your comment has been sent.

Your details



Your comment or question *