Advice and Tips
Is my boss allowed to read my e-mail?
Unless they have a valid business reason for doing so, an employer can’t read an employee’s e-mail – or any other information that’s been stored on an electronic communication device such as a mobile phone.
A separate regulation states when and how an employer may monitor an employee’s electronic communication. It sets out several important conditions for monitoring, which are explained below. These rules also apply to an employer’s right to access an employee’s personal area of the company server or look at other electronic equipment. Note as well that these rules apply to both current and former employees.
When is monitoring allowed?
A basic condition for monitoring is that it must be necessary for achieving a specific purpose. So if a company’s operations can be maintained in a different and less invasive way, then monitoring is not only unnecessary, it is also not allowed.
When it’s necessary for managing a company’s day-to-day operations
This situation often arises if an employee is away from work and there’s good reason to believe that their inbox contains work-related e-mails that their employer needs to read in order to keep the business running. The time an employer has at their disposal is an important factor here; in other words, short turnaround times can justify their checking an employee’s e-mail, even in brief periods of absence. If an employee has made sure to forward their work-related e-mails, or to use an auto reply that says where work-related e-mails should be sent while they’re away, these actions can make monitoring unnecessary.
When monitoring is necessary to take care of the company’s other legitimate interests
Legitimate interests include the necessity of running the company efficiently and competently or protecting it from damages or liability. What is considered a legitimate concern varies according to company type, which in turn varies from one industry to another and depends on considering each individual case.
In cases of justifiable suspicion that an employee’s use of e-mail is leading to a serious violation of duties with respect to the employment relationship
Any violation of duties must be serious in nature. The requirement is usually fulfilled if an e-mail account is being used to perform punishable acts or breaches of labor law duties and norms, for example if an employee is breaching company confidentiality policies or downloading photos of child pornography.
In cases of justifiable suspicion that an employee’s use of their e-mail account can be grounds for resignation or dismissal
This includes both punishable actions and actions which, although they aren’t punishable, are clearly not in the company’s best interests. Examples include e-mail that’s used for harassing colleagues or sending out spam/e-mails containing harmful content.
The employer must prove that there are grounds for these suspicions before acting on them.
Right to access doesn’t apply to private equipment
The rules apply only to access to the means of communication and equipment that are made available to the employee for work purposes. So an employer’s right to access doesn’t apply to equipment owned by the employee him-/herself. This means that the employer doesn’t have the right to access any content that is stored on the employee’s private computer, even if this content is occasionally used for work-related purposes. This also applies to an employee’s private phone, e-mail accounts and social media profiles.
An employer must notify employees of their right to access
An employee must, to the greatest extent possible, be notified of, and given the opportunity to make a statement about, any monitoring before it takes place.
The notification must contain information about:
- Why the conditions for monitoring are regarded as having been met
- What legal rights the employee has in this situation
The employee must, to the greatest extent possible, be allowed to be present and to have a company union representative (or another representative) present during a monitoring session. The employee can also freely decline to be present or to receive help from a representative.
If monitoring takes place without prior notification being given to the employee (for example, if the employer doesn’t have enough time to notify them before monitoring or they can’t be reached), the employee must be informed afterwards that monitoring has taken place.
The following information must be given in this situation:
- Why conditions for monitoring were regarded as having been met
- What the employee’s legal rights are
- The method that was used for monitoring
- The e-mails or other documents that were opened
- The results
Deleting data when an employee quits
The main rule is that whenever an employment relationship ends, the employee’s e-mail accounts, etc. are also terminated. Content that is no longer necessary for daily operations must be deleted within a reasonable amount of time. According to The Norwegian Data Protection Authority, this means a deadline of six months after an employee leaves their job.
Issuing instructions or signing contracts on monitoring that deviate from the regulations and are disadvantageous for the employee is not allowed. What is disadvantageous to the employee must be assessed on an individual basis. Rules that give the employer greater access to monitoring are generally disadvantageous to the employee.
Monitoring students
The above rules normally apply to students who have been assigned an e-mail account from a college or university. Generally speaking, a strong case must be made for proving that monitoring is necessary to take care of the institution’s daily operations. On the other hand, conditions for monitoring are met in situations where there is a reasonable suspicion that students’ use of e-mail accounts is leading to a serious breach of the duties resulting from the relationship between the institution and student and/or can form a basis for the student’s exclusion or expulsion.