Garante italiano multa empresa por manter acesso a e-mail de ex-funcionário
Fonte: EDPB — European Data Protection Board | Jurisdição: União Europeia | Tipo: Notícia
Background information Date of final decision: 18 December 2025 National case Controller: LTL S.p.A. Legal Reference(s): Article 5 (Principles relating to processing of personal data), Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject), Article 15 (Right to access by the data subject) Decision: Administrative fine, Compliance order, Erasure order or Add here your free text for the decision Key words: Administrative fine, Principles relating to processing of personal data, Transparency, Right of access, Employment, Data subject rights Summary of the Decision Origin of the case In a complaint submitted to the Italian Supervisory Authority (SA), an individual complained that, after receiving a disciplinary letter followed by dismissal, the company had denied him access to his company’ email account, which remained active. Exercising his rights, the data subject asked the company to disable the email account, forward any messages received in the meantime to his personal email address, and activate an automatic reply informing any senders of his new email address. However, this request remained unfulfilled, even though it was formulated in compliance with the GDPR. Key Findings During the investigation, the Italian SA found that the company not only continued to receive emails addressed to the employee, but also forwarded them to another company email account. This unlawful practice had been going on for about two months, exceeding the 30-day limit set by the company’s internal rules. Decision The Italian SA fined the company 40 000 EUR. In determining the amount of the fine, the SA took into account the type and duration of the violations, the failure to respond to the employee’s request to exercise his rights, and the absence of previous violations of data protection regulations by the company. The Authority therefore ordered the company to allow the employee access to his company email account and ordered its subsequent deletion, without prejudice to the retention of what was necessary for the protection of company’s rights in court. For further information: Garante: l’accesso alla email del lavoratore licenziato vìola la privacy
A Autoridade Supervisora italiana (Garante per la protezione dei dati personali) proferiu decisão administrativa contra empresa LTL S.p.A. por violação de direitos de titular de dados relacionados a conta de email corporativo após término de relação laboral. Após receber carta disciplinar e ser dispensado, o empregado solicitou à empresa: (i) desativação da conta de email; (ii) encaminhamento de mensagens recebidas para email pessoal; (iii) ativação de resposta automática. A empresa não cumpriu a solicitação, mantendo a conta ativa e redirecionando mensagens para outra conta corporativa por aproximadamente dois meses, violando o limite de 30 dias estabelecido em suas próprias regras internas e desrespeitando direitos do titular conforme GDPR (artigos 5, 12 e 15). Multa administrativa de EUR 40.000, ordem de conformidade permitindo acesso do empregado à conta e sua posterior exclusão (ressalvados dados necessários para proteção de direitos da empresa em juízo). A decisão reforça obrigações de transparência e respeito aos direitos de acesso e exclusão de dados em contexto de relação laboral encerrada, estabelecendo precedente sobre tratamento de comunicações corporativas pós-desligamento.
Fonte original: EDPB — European Data Protection Board