According to the Italian Data Protection Authority, the content of emails, contact data related to communications, and any attachments fall within the notion of correspondence. Therefore emails are  protected by the right to confidentiality, in compliance with the Italian Constitution, which protect safeguards human dignity and the full development of the individual in social relationships.

Hence, Italian Data Protection Authority (Garante per la protezione dei dati personali), imposed a €40,000 fine on a company for violating the confidentiality of a former CEO’s email account after the termination of the employment relationship (resolution. 754 of December 18^th,  2025)

In the complaint, the employee stated that after receiving a disciplinary notice followed by dismissal, the company denied him access to his corporate email mailbox, which remained active. By exercising his rights under the GDPR, he asked the company to disable the email account, forward the messages received in the meantime to his personal email address, and activate an automatic reply informing senders of the new email address. However, this request—properly submitted in accordance with the GDPR—was not fulfilled.

During the investigation, the Authority found that the company not only continued to receive emails addressed to the former employee, but even forwarded them to another corporate email account. This improper practice continued for about two months, exceeding the 30-day limit set by the company’s internal rules.

In determining the amount of the fine, the Authority considered the nature and duration of the violations, the failure to respond to the employee’s request to exercise his rights, and the absence of previous privacy law violations by the company.

Archivio news