DLA Piper’s Contribution to the Consultation of Garante on the Retention of Metadata of Employees’ Emails

DLA Piper decided to lodge a contribution to the consultation of the Italian data protection authority, the Garante, on the retention of metadata of employees’ e-mails.

In a move that has sparked widespread debate and criticism, Italy’s Privacy Authority, known as the Garante, had adopted guidelines reshaping how companies handle email metadata within the workplace.

The shift targeted a common practice among employers—retaining detailed metadata from employees’ emails, including the time, sender, recipient, subject, and size of the messages. Under the new guidelines, companies were restricted to keeping this information for no more than seven days, with a potential extension of just 48 hours if they can present a documented and justified need. This decision represented a significant pivot from the long-standing norms adhered to by cloud services and software providers, who are accustomed to retaining data indefinitely.

The guidelines aim to balance stringent privacy rights with the operational needs of businesses, a task that is proving to be contentious. While intended to protect employee privacy, these rules introduced a complex layer of challenges for companies, particularly those involved in areas where data accessibility can be crucial, such as legal disputes and security measures.

Following several complaints, the Garante had suspend the enforceability of its own guidelines and issued a consultation on the matter to seek feedbacks from the relevant stakeholders. However, several companies were not willing to actively contribute to the consultation because of the risk of being subsequently investigated by the Italian data protection authority.

To assist our clients on the matter, at DLA Piper we created a team made of privacy, employment and criminal law lawyers that drafted DLA Piper’s Contribution to Consultation of the Garante on Metadata. Please have a look at it and let us know your feedback, we hope you will find it useful and the Garante will take into account our remarks in reviewing its guidelines on the retention of metadata.