After having sent and received as many as 13,196 emails in 2010, I started thinking about how well this kind of communication is actually protected. The problem has a technical and legal perspective. I've long focused on the technical side. SSL, good passwords and some hard drive encryption should offer reasonable protection. The legal perspective is also not too bad. At least in Austria.
As opposed to Germany, Austrian law gives emails a similar protection as letters, as long as they are in transit and haven't been downloaded to a user's personal computer (=letter is still closed).
Abschließend kann also gesagt werden, dass die passwortgesicherten e-Mails in Österreich dem Schutz nach § 118 StGB (Briefgeheimnis) unterliegen. In Deutschland scheitert man beim Briefgeheimnis (§ 202 dStGB) für e-Mails am Erfordernis der Körperlichkeit. Nach § 202a dStGB sind nur passwortgesicherte bzw auf dem Übertragungsweg verschlüsselte e-Mails geschützt.by Prof Dr. Thomas Hoeren, Briefgeheimnis im Strafrecht
This general protection has been substantially weakened by a variety of "anti-terror laws" that have been imposed in the US and Europe. In fact most big providers who want to display advertising already weaken your privacy in their terms of service. Moreover, once they surpass a certain number of users, they are usually obliged to install a backdoor for government bodies.
For that reason, I strongly encourage everyone to run a private email-server. If you share it with your friend, the costs won't be more than a few EURs per year and it's a good learning opportunity. Moreover, if your admin lives in Austria you can hold him accountable, as if he was opening up your love letters.
If you can somehow emphasize the educational point of view, Amazon might even give you a free server for some time.