The Italian Data Protection Authority (the Garante) has issued its first GDPR fine for unlawful retention of metadata from employees’ emails and web browsing activities. The decision applies the Garante’s highly discussed guidelines of 2024 on the use of metadata in workplace email systems.

The Processing of Metadata in the Employment Relations

Metadata…