[there_the_and]

This is standard practice, it's not your email address, you are just using it for work, and your employer needs access for a variety of very obvious reasons. This should not be news to any technology professional and it's mind-blowing seeing these comments on HN.

[d4mi3n]

The question is fair. Capability does not guarantee legality, and there are plenty of cases where an individual who can access an email is not legally entitled to:

1. My ISP provides me internet access, but they are not entitled to collect my bank information when I access my bank account.

2. Depending on the nature of the corporation, it may not be legal for an individual to forward emails in the manner described. Consider: what if the email account belonged to a lawyer or doctor? Client confidentiality probably trumps many other legal concerns here.

3. Is said manager part of the IT/InfoSec department within this organization? If not, they may be circumventing organizational controls, which in itself may not be legal.

Context is important.

[vidarh]

Then consider that it's mindblowing to you because you're not used to any of the many jurisdictions where there is a legal expectation of (some) privacy at work.

Under European data protection laws, for example, many countries have considered the privacy restrictions to extend to employee e-mail addresses.

This includes Norway, for example, where employees have extensive rights to prevent employers from accessing their corporate e-mail accounts without substantial safeguards to prevent them from accessing personal information, and including rights to be notified where possible, be present, be able to respond and challenge the access etc.

You can find a lengthy (in Norwegian, though Google translate ought to do a decent job) walkthrough of the rules here [1].

Not everywhere treats people as serfs at work.

[1] https://www.datatilsynet.no/personvern-pa-ulike-omrader/pers...