D: New developments concerning employee data protection
Category: NachrichtenBy: K. Schiefer, 2B Advice – the privacy benchmark
The explanatory memorandum to the 2009 Data Protection Amendment already clarified that the introduction of Article 32 of the German Federal Data Protection Act (BDSG) would not be the final word on employee data protection. The further plans are now taking shape.
In May 2010 the German Federal Ministry of the Interior compiled a draft bill intended to further expand employee data protection. However, this should not result in a separate employee data protection act. Instead, the regulations of the former BDSG are to be incorporated into a new complementary sub-section. Article 32 of the BDSG, which was only introduced in September, is to be completely redrafted and will solely govern the scope of the sub-section in the future.
Key issues in the new regulations should cover the following topics:
The employer's right to request information in interview situations should be limited to information that is necessary in order to establish the suitability of an applicant. Similarly, health checks should only be permitted with the consent of the applicant and under the proviso that a check is necessary to determine an applicant's suitability for a specific role.
With a view to the data scandals in 2009, for example at Deutsche Bahn, specific regulations are to be created to counter corruption and to ensure the enforcement of compliance requirements. The use of employee data is only permissible in a proportionate manner and where this is necessary for compliance purposes. Collecting additional employee data is only permitted in cases of concrete suspicion.
The video surveillance standards should also be further extended in accordance with the amended regulation in Article 32(1)(2) BDSG . Hence, the surveillance of company areas that are not publicly accessible is only permissible where this is appropriate and necessary for the protection of important corporate interests. Secret surveillance is only permissible in cases of concrete suspicion.
The use of so-called tracking systems is only permissible to ensure employee safety or for co-ordination purposes, and should only be allowed during working hours or when an employee is on standby duty. The collection and use of biometric data is only permitted if this is necessary for operational purposes relating to authorization and authentication.
A regulation concerning the use of telephone, e-mail and Internet within the company should also be included. Until now, this has been governed by the German Federal Telecommunications Act. Subject to protected employee interests, monitoring should be permitted for specific purposes such as billing.
Regulations are also planned concerning the use of employee data after the termination of an employment relationship; an employee's consent to an employment contract; and the importance of collective labor and company agreements. Above all, the existing guidelines should be codified in accordance with former drafts. By contrast, compliance should only be permissible in explicitly regulated cases.
For companies, such legal regulations on employee surveillance, Internet and e-mail use, or video surveillance are initially beneficial for the purpose of legal security - although these facts can be regulated, they also offer scope for very different interpretations. Companies should not, however, assume that the guidelines contained in the draft bill are hitherto no longer valid. Instead, the draft regulation only codifies, as far as possible, the validity of the legal situation existing to date.
Ultimately, it remains to be seen how the Federal Government and the Federal Parliament will respond to the draft bill.