Page 1

Search for laws, regulations, judgments, Storting decisions, collective agreements etc.

Search

Regulations on the employer's access to e-mail boxes and other electronically stored material

sign in

Table of contents

➦ Go to the originally announced version

Regulations on the employer's access to e-mail boxes and other electronic data
material
Date FOR-2018-07-02-1108
Ministry of Labor and Social Affairs
Entry into force 20.07.2018
Applies to Norway
Legal basis LOV-2005-06-17-62-§9-5
Announced 03.07.2018 at 15.10
Card title Regulations on the employer's access to e-mail boxes and other electronically stored material

Legal basis: Established by the Ministry of Labor and Social Affairs on 2 July 2018 on the basis of Act no. 62 of 17 June 2005 on working environment, working hours and job security, etc.
(Working Environment Act) § 9-5 .

§ 1. Scope
The regulations here apply to the employer's right to access information stored in
a) e-mail box that the employer has made available to the employee for use at work
b) the employee's personal areas in the company's computer network or other electronic equipment provided by the employer
employee's disposition for use in work.
The provisions apply correspondingly to access to information that has been deleted from areas as mentioned in the first paragraph that exist on
backups or equivalent.
The regulations here apply to current and former employees.

§ 2. Conditions for access
The employer only has the right to access information stored in areas mentioned in § 1
a) when it is necessary to safeguard the day-to-day operations or other legitimate interests of the business, or
b) on reasonable suspicion that the employee's use of an e-mail box or other electronic equipment entails a serious breach of the
duties that follow from the employment relationship or may provide grounds for dismissal or dismissal.
The employer does not have the right to monitor the employee's use of electronic equipment, including the use of the Internet, unless the purpose
with the monitoring is
a) to manage the enterprise's computer network or
b) to detect or solve security breaches in the network.

§ 3. Procedures for inspection
The employee shall, as far as possible, be notified and given the opportunity to comment before the employer carries out an inspection. In the notice shall
the employer justify why the conditions for access are considered to be met and inform about the employee's rights under this
the provision.
An employee has the right to object under Article 21 of the Privacy Ordinance.
The employee shall as far as possible be given the opportunity to be present during the implementation of the inspection and has the right to leave
assist by a shop steward or other representative.
If inspection has been carried out without prior notice or without the employee being present, the employee shall be notified in writing of
this as soon as the inspection has been completed. The notification shall, in addition to the information mentioned in the first paragraph, second sentence, contain
information about which method of access was used, which e-mails or other documents were opened and the result
of transparency.
The exceptions to the right to information in Section 16 of the Personal Data Act applies correspondingly.
Access must be carried out in such a way that the information does not change as far as possible and that the information generated can
verified.
Opened e-mails, documents or similar that do not appear to be necessary or relevant for the purpose of the inspection,
must be closed immediately. Any copies must be deleted.

§ 4. Deletion of information upon termination of employment
The employee's e-mail box shall be terminated upon termination of employment, unless there is a special need to keep the e-mail
the postal account open for a short period after the termination.
Information mentioned in § 1, first paragraph, letters a and b, which is not necessary for the day-to-day operation of the business, shall be deleted
within a reasonable time after the termination of the employment relationship.

§ 5. Right to deviate from the provisions
It is not permitted to set instructions or enter into an agreement that deviates from the provisions of the regulations to the detriment of
employee.

§ 6. Supervision
The Norwegian Data Protection Authority supervises that the provisions of these regulations are complied with.

§ 7. Entry into force
The regulation enters into force at the same time as Act of 15 June 2018 no. 38 on the processing of personal data enters into force.

1

1 In force 20 July 2018, cf. announcement 17 July 2018 no. 1195.

Information på norsk Adjust text size Help Contact

⎙

