Costampress S.p.A. – €10,000 Fine (Italy, 2022)

A data subject issued a complaint with the Italian DPA (Garante per la Protezione dei Dati Personali – Garante) against his previous employer Costampress S.p.A. (a manufacturer of aluminium components). The data subject alleged that once his employment relationship had been terminated, the company had failed to delete the company email assigned to him, and that he had not been granted access to the company laptop computer and the personal data contained in it. The company responded to these allegations, stating that after the data subject’s dismissal, he had unilaterally proceeded to delete all the communications in his company email account. The company also explained that in order to protect its legitimate interest, it set up an automatic response system that would notify users of the deactivation of the complainant's mailbox, with an alternative email address to send messages relating to the activities carried out by the complainant within the company. According to the employer, this lasted for a month and a half, and then the email account itself was completely deactivated. Furthermore, the company stated that once the relationship was terminated, the data subject’s company laptop was given to an expert IT consultant to carry out an inspection. This was based on a legitimate suspicion that the hard disk might contain elements that could be used to refute the authenticity of documents which were subject to a separate legal dispute between the claimant and the company in the a Specialised Business Section Court in Venice. Additionally, during the preliminary phase of the proceedings, the Garante expressed concerns related to this data processing carried out on the data subject’s hard disk, due to an absence of specific company regulations regarding the handling of IT systems used by employees. The company addressed these concerns, noting that among the tasks entrusted to the complainant, one was precisely the drafting of these regulations, which were never fully c