Support Centre

You have out of 10 free articles left for the week

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Norway: Datatilsynet issues a reprimand after enterprise accesses e-mail account

The European Data Protection Board ('EDPB') published, on 23 September 2021, an English summary of the Norwegian data protection authority's ('Datatilsynet') decision, issued on 9 August 2021, referring to Articles 14 and 15 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the decision highlights that the enterprise had a legal basis for accessing the account, but that the enterprise had failed to satisfactorily inform the complainant about the enterprise accessing the account. In addition, the decision found that the enterprise waited too long to give the complainant access to the complainant's personal data after the complainant had requested it. As a result, Datatilsynet issued a formal reprimand, and ordered the enterprise to establish written procedures for accessing e-mail accounts.

You can read the summary of the decision here.