A corporate e-mail address bearing a user’s name should be considered as personal data, a court of appeal ruled recently.

The former CEO of the European Union Programmes Agency, Doreen Camilleri, won a case on appeal when a ruling by Judge Anthony Ellul confirmed that an e-mail address with an individual’s name should be accepted as “personal data”.

The court heard how, on February 8, 2016, Ms Camilleri was informed by the Education Ministry’s Permanent Secretary that her job was being terminated.

The next day, the agency requested a password change for the former CEO’s e-mail address, however Ms Camilleri was not informed of this and she was blocked out of her account. A new password was given to the agency by the Malta Information Technology Agency (Mita) that same day.

A few days later, Ms Camilleri found out that her e-mail address was still in use but she could not access it herself. On February 15 she decided to file a complaint with Mita. 

Something with my name on it was being used by others and without my knowledge

In June of that year, the Data Protection Commissioner ruled that Ms Camilleri’s complaint was unfounded. In October last year, the former CEO, through her lawyer Paul Gonzi, appealed this decision but was turned down by the Information and Data Protection Appeals Tribunal.

Handing down the judgment, Mr Justice Ellul disagreed with the conclusion of the Appeals Tribunal that an employee had no right over such an e-mail address and that its use was solely for work-related purposes. For the court, once an e-mail contains a person’s name and surname, it has to be considered as personal data.

“The court does not agree with the way the personal data of the appellant, which in this case is her name, was processed by the Agency [Mita]. It should have never made a request for a password change in her name,” the judge said.

The court concluded that the processing of the data was not carried out according to the good practices as established by law.

Contacted by The Sunday Times of Malta, Ms Camilleri said she had fought the issue “as a matter of principle”.

“I will never know whether e-mails were sent in my name or what e-mails were received. But think of all those people working in similar roles, both in the public and private sectors, who are not aware that they have certain rights.

“I said from the start that my issue was not with having the e-mail address removed once my contract was terminated but that something with my name on it was being used by others and without my knowledge,” Ms Camilleri said.

While business continuity was a crucial aspect when dealing with handovers, Ms Camilleri went on, employees’ rights should not be breached in the process, adding that employers should always go through the formal systems when dealing with such cases. 

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.