DATA PROTECTION
Italian Data Protection Authority: guidelines on employees' email metadata retention.
Public and private employers who use e-mail management programmes, including cloud-based ones, now have new guidance to help prevent data processing that contravenes data protection regulations and the rules protecting workers' freedom and dignity.
The Garante for the protection of personal data has adopted a policy document entitled 'Computer programmes and services for e-mail management in the work context and metadata processing', aimed at public and private employers.
The document comes in the wake of investigations carried out by the Authority, which found that some computer programmes and services for e-mail management, which suppliers also market as cloud services, are configured to collect and store, by default and in a preventive and generalised manner, metadata relating to the use of employees' e-mail accounts (e.g. day, time, sender, addressee, subject and size of the e-mail). In some cases, it was also found that the systems do not allow employers to disable the systematic collection of data or to reduce the retention period.
With today's document, the Garante therefore asks employers to check that the e-mail management software and services used by employees (especially market products provided in the cloud or as-a-service) allow the basic settings to be changed, so that the collection of metadata can be prevented or the retention period limited to a maximum of 7 days, extendable, where there are proven needs, by a further 48 hours. This period is considered appropriate, from a purely technical point of view, to ensure the proper functioning of the e-mail in use by the employee.
Employers who need to process the metadata for a longer period, for organisational and production requirements or to protect the owner's assets, including information (in particular, for example, for specific system security requirements), will have to complete the guarantee procedures provided for by the Workers' Statute (trade union agreement or authorisation of the labour inspectorate). Extending the storage period beyond the time frame set by the Garante may in fact lead to indirect remote control of the worker's activity.