
Italy: The Data Protection Authority provides important guidance on the retention of company e-mail data

  • The Data Protection Authority's (DPA) Guidance Document no. 642, published on 21 December 2023 and highlighted in its 6 February 2024 newsletter, introduced new guidelines on workplace email management.
  • Employers in the public and private sectors who use computer programmes and cloud-based services to manage employee emails are now restricted to retaining the metadata of these emails for a maximum of seven days. An extension of up to 48 hours may be granted in cases of proven necessity.
  • The restriction poses potential challenges for companies in terms of compliance and operational flexibility.

Email metadata comprise essential information about email messages, such as the date, time, sender, recipient, subject, and size.

For companies requiring retention periods longer than seven days, the DPA refers to procedures outlined in Article 4 of the Workers' Statute, which delineates the conditions under which performance monitoring tools and systems can be employed within the workplace.

Specifically, such tools may only be utilized for organizational, production, safety, and asset protection purposes, and their implementation is contingent upon either a union agreement or authorization from the Labour Inspectorate. This legal framework exempts essential work tools, including emails, from these constraints, acknowledging their critical role in daily business operations.

However, the DPA takes the position that retaining email metadata beyond the 7-day limit falls outside the scope of "necessary working tools". Employers who do so must therefore seek union agreement or inspectorate authorisation, which introduces a potential source of contention.

This scenario forces employers to explore advanced technological solutions that can seamlessly segregate necessary operational data from personal employee information, ensuring they can retain critical data for extended periods without infringing upon the DPA's regulations.

On 27 February 2024, in response to the numerous requests for clarification it had received, the Supervisory Authority announced the launch of a 30-day public consultation on the forms and methods of use that would make it necessary to store metadata beyond what was assumed in the Guidance Document.