At first glance, the spam folder in the e-mail client does not indicate a data privacy breach. However, if e-mails that are supposed to be deleted are inadvertently marked as spam, they may be manually checked by the e-mail provider, resulting in a data protection breach.

Everything you need to know about the privacy risk of being marked as spam can be found here.

What happens when marking as spam?

It often happens that users mark an email as spam instead of deleting it. On the surface, the email is simply moved to the spam folder. However, some email providers continue to process the email in question. If this is an email with confidential or personal data, this can develop into a problem under data protection law.

Some e-mail providers simply store a hash value of the e-mail when it is marked as spam, which should help in the further development of the spam filter if, for example, e-mails with the same fingerprint are marked more frequently. In such cases, no third party reads the e-mail itself and the data it contains is safe.
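The fingerprint approach described above, as an added Python example (not code from any e-mail provider): the store keeps only a SHA-256 digest and a report count per message body. The normalisation steps, the threshold of 3, and all names and sample messages are assumptions made for illustration.

```python
import hashlib
import re
from collections import Counter
from email import message_from_string

def body_text(raw_message: str) -> str:
    """Extract the text/plain body; headers (sender, recipient, date) are ignored."""
    parts = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            parts.append(payload.decode(charset, errors="replace"))
    return "\n".join(parts)

def fingerprint(raw_message: str) -> str:
    """SHA-256 over the case-folded, whitespace-collapsed body (assumed normalisation)."""
    normalized = re.sub(r"\s+", " ", body_text(raw_message)).strip().casefold()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()

class SpamReportStore:
    """Keeps digests and counts only; the reported message itself is never stored."""
    def __init__(self, threshold: int = 3):
        self.threshold = threshold      # assumed number of reports before a match counts
        self.reports = Counter()        # digest -> number of "mark as spam" reports

    def report(self, raw_message: str) -> int:
        digest = fingerprint(raw_message)
        self.reports[digest] += 1
        return self.reports[digest]

    def is_known_spam(self, raw_message: str) -> bool:
        return self.reports[fingerprint(raw_message)] >= self.threshold

# Constructed sample messages: two copies of one bulk mail, and one confidential mail.
BULK_A = "From: promo@example.com\nTo: alice@example.org\nSubject: Offer\n\nWin a FREE   prize today!\n"
BULK_B = "From: promo@example.com\nTo: bob@example.org\nSubject: Offer\n\nwin a free prize\ntoday!\n"
PAYSLIP = "From: hr@example.org\nTo: alice@example.org\nSubject: Payslip\n\nYour salary for March is attached.\n"

if __name__ == "__main__":
    store = SpamReportStore()
    for message in (BULK_A, BULK_B, BULK_A, PAYSLIP):  # PAYSLIP is the accidental click
        store.report(message)
    print("bulk mail flagged:", store.is_known_spam(BULK_B))
    print("payslip flagged:", store.is_known_spam(PAYSLIP))
    print("stored data:", dict(store.reports))
```

A digest cannot be turned back into the message, but anyone who already holds the same text can recompute it and confirm a match, so the stored value is still linked to that content.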

Other providers check each e-mail against predefined criteria to decide whether it is spam. In cases where the provider from which the e-mail originates is deemed trustworthy, general information about the mail (time, sender and type of content) can be forwarded to that provider (a so-called feedback loop).

With some e-mail providers, the users also agree to additional spam protection. The email provider may then also use the content of the email to train spam detection. This can involve both automated and manual processing of the email.

What can you do?

If e-mails are accidentally marked as spam, this can have serious consequences under data protection law, depending on the provider and the content of the e-mail. Such incidents must be prevented.

The reason for the incorrect marking could be that the buttons for deleting and marking as spam are too close to each other or look too similar or misleading. If employees are not sensitized to this issue, a mishap can quickly occur.

Despite all this, spam filters are useful and important. Doing without them is therefore not a viable solution. However, it should be investigated how the selected e-mail provider handles spam and whether the company should change providers if necessary. In addition, most incidents can be prevented by providing employees with appropriate training on data protection and awareness. Complete privacy is only offered by end-to-end encryption. It is not without reason that communication via e-mail is compared with communication via postcards.

Would you like advice on data protection and data security in your company? Our team of experts will be happy to help you! We also offer training courses on data protection and awareness. Please feel free to contact us!
