Managing workers' e-mail and metadata: obligations for private and public sector employers.

On July, 16th, 2025 a workshop was held on the management of employees’ email accounts and related metadata. Attorney Alessandro del Ninno took part in the event, delivering a presentation entitled “The management of employees’ email and metadata. The guidance of the Italian Data Protection Authority (Decision no. 364/2024). Compliance obligations for private and public employers”.

 

His lecture provided a comprehensive overview of the applicable regulatory and case-law framework governing the processing activities connected with corporate email services, illustrating the obligations of email service providers and the organizational and technical measures required to ensure compliance with both data protection rules and sectoral legislation. The presentation examined the employer’s responsibilities and control duties, with specific reference to the most recent indications of the Italian Data Protection Authority (including Decision no. 472/2024), as well as the extent to which data management and retention systems may fall within the exception set forth in Article 4(2) of the Workers’ Statute.

 

Avv. Alessandro del Ninno also analyzed the procedural safeguards under Article 4(1) of the Statute (trade union agreement or authorization by the National Labour Inspectorate), the information duties towards employees, and the circumstances requiring a revision of the data protection impact assessment (DPIA). Practical guidance was provided on data minimisation, retention periods, log management and metadata processing.

 

The presentation offered both private and public employers an operational roadmap for properly structuring internal policies, employee notices and legal bases for processing, while avoiding disproportionate or intrusive practices and aligning corporate processes with the most recent positions taken by the Italian Data Protection Authority.