Make Sure Employees’ E-Mail Metadata Are Deleted
New guidelines have been issued by the Italian Data Protection Authority, or Garante, regarding processing of metadata relating to employees’ work emails.
The Garante worries that, absent a specific agreement with trade unions, processing of such
employees’ metadata may trigger risks of systematic monitoring, unlawful
processing and excessive data retention. Therefore, they need to be deleted
within a few hours/days and up to 7 days.
Companies, who are acting as data controllers of such employees’ metadata, must ensure that their service providers carry out such deletions, making sure that default settings that
prolong the processing are deactivated. They must also reflect in the
information notice to employees the specific use of technologies that impact
the processing of their data.