Workplace privacy

Employee data protection is the protection of personal rights in general and in particular of the right to informational self-determination of persons in their capacity as an employee within the company. Synonymous, the terms employee privacy, employee privacy and personal data protection and operating data protection ( DGB design ) can be used.

• 3.1 Preliminary control
• 3.2 Recent legislative activities in the employee data protection
• 3.3 Suggestions of the DGB

• 4.1 Richter law
• 4.2 Operating Agreements
• 4.3 Privacy in performance and conduct inspections
• 4.4 Monitoring of telecommunications
• 4.5 Video surveillance in the workplace
• 4.6 Networks and PC Monitoring

• 5.1 1984-2000
• 5.2 2001-2010

Basics

The employee data protection into account the peculiarities of employment in regard to data protection of the worker. Employers and employees are located, while legally as equal partners towards the employer is in fact economically and structurally superior to the workers. Namely, the employer determines the concrete form of the employment contract and determines the working conditions. He rules, when, where and how the employee must be employed. The employee may be these specifications are generally not escape. Where in a contractual relationship with a unilateral determination power, the Constitution enjoins special protection for the weaker party, in particular for contractual terms that allow for interventions in the general right of personality.

General legal background

It is a common misconception that the employer 's reasonable discretion is likely to interfere with the right to informational self-determination of the employee. Both the legal requirements in § 75 Section 2 Sentence 1 Works Constitution Act ( WCA), and Article 2, Paragraph 2, Sentence 3 of the Basic Law (GG), and the decisions of the Federal Constitutional Court ) have no discretion:

In addition to the authorized by law interference with the right to informational self-determination, such as fiscal norms ( HGB, AO ) and social legislation ( SGB), to restrictions on the general right of personality can occur where they collide with the same or higher rank fundamental rights of other holders of fundamental rights. In addition, interventions and the restrictions of contracts can be agreed quite effective to the extent that the Contracting content by unilateral determination power to realize any factual heteronomy. Permissible operations on formal - legal basis or individually contractual agreement, as well as restrictions on the general personality right by competing with other basic entities, are the regulatory competence of the operating parties.

Personnel files

The fundamental right of employees to self-determination is a limited equal standing right of the employer towards to collect relevant information about the personality of the employee, as well as and his abilities, skills and managerial behavior to the employment relationship, process and utilize, to the extent to justify, is implementation or termination of employment required. Since 2009, this right is normalized 32 Federal Data Protection Act ( BDSG) in §. Earmarking of personal data requires the employer to keep the personnel file carefully and to treat their contents confidential. Since no legal standard to the employer permits the collection and use of detailed information on the health of employees, and distribute such information, unless the employer obtains consented to by the employee of this knowledge, its not a regular part of a personnel file because of their strict earmarking. They must be kept separate from the other contents of the personnel file and specially protected against inappropriate information.

Regulations

Basic rules already determined by the Basic Law (GG) and the Works Constitution Act ( WCA) with regard to the participation rights of employee representatives. Single Contractual arrangements are then ineffective if the control event is subject to the WCA and no single agreement exists. This participation is valid only for the so -called atomic behavior, ie the special social behavior of workers, but not for the way people work, such as safety at work. Thus substantial portions of previously remain open. This can hardly be correct, also the individual contractual arrangements in collective agreements.

Provisional measures

Despite its great practical importance of employee data protection in Germany was not regulated by law explicated by 2009. Since 1978, the practice, therefore, resorted to the general regulations of the Federal Data Protection Act. Calls for creation of a special employee data protection law have not been met.

In the years 2008/2009 it was announced that major German companies such as the food discounters Lidl and the German railway had monitored their employees with partially improper methods. Special attention gained monitoring affair of Deutsche Telekom. Due to these incidents, the federal government decided in February 2009 to begin work on an Employee Data Protection Act again. As an " emergency measure " the Federal Data Protection Act has been added to § 32 BDSG. This provision is a provision for data collection, processing and use for purposes of employment. It entered into force on 1 September 2009.

Currently, in addition to the new, applicable since 1 September 2009 § 32 BDSG, there are various area-specific regulations that (also ) govern the self-determination rights of employees, for example in the German Telemedia Act, the Federal Civil Service Act, in the Bildschirmarbeitsverordnung, the Works Constitution Act and the Staff Committee laws. Genetic testing in the workplace are regulated by the Gendiagnostikgesetz since February 2010.

Recent legislative activities in the employee data protection

On 4 September 2009 the Federal Labour Minister Olaf Scholz presented a draft for a law on data protection in employment - before ( Employee Data Protection Act BDatG ). The proposed law would unify the existing regulations and court rulings on employee data protection and close existing gaps, according to Scholz. The design and its presentation shortly before the general election in 2009 experienced both praise and criticism. The coalition agreement of the second Merkel government provides for an extension of the Federal Data Protection Act to a separate area of employee data protection, a separate law there shall no more give. In early April 2010 brought the minister a first draft bill of the extended § 32 BDSG in the departmental co-ordination, which provides for a separate subsection for data collection, processing and use for purposes of employment with 14 digits to § 32 BDSG. The change of the data protection legislation in this area has been discussed more. The aim is to unite the fragmented jurisdiction of labor courts and thus create more legal certainty for employees and employers. Should be both operational practice and the case law handed down so far the labor courts a basis for the legal elaboration.

The Federal Cabinet has approved a draft law for the regulation of employee data protection on August 25, 2010. It is now 17/4230 published a new, revised draft employment data protection law on December 15, 2010, Bundestag printed paper.

Proposals of the DGB

There is a proposal of the German Trade Union Federation (DGB ) for employee privacy. This particular motion profiles and monitoring of rest rooms are prohibited.

Individual regulations

As long as a new law fails to employee data protection, many rules are decided by the courts under the principle of proportionality and due GG, WCA and other individual provisions of the Superior Courts, the Federal Labour Court and the Federal Constitutional Court and thus determines in individual cases.

Judge-made law

Since the laws governing data protection in the employment relationship is very patchy and not released all the details of company agreements, many questions are decided by the labor courts. Mention may be made, for example, the fundamental decisions of the Federal Constitutional Court on the illegal eavesdropping of non-public communication and the Federal Labour Court for video surveillance in the workplace and for monitoring of business telephone calls.

Operation agreements

In larger companies, data protection legislation relevant facts are often regulated in company agreements after the WCA, the civil service in service agreements. Such an agreement may be interference with the self-determination right of workers not to justify, but regulate. However, they do also establishes the limits which must not exceed the employer. Typical cases are operating agreements, etc., the use of e -mail and Internet services in operation, the use of trouble ticket systems, displays on the phone installations regulate and stipulate when and how an employer may monitor compliance with these Terms of Use.

Privacy in performance and conduct inspections

Contact points between the privacy of workers and the interests of the employer arise particularly when the employer performs performance and behavioral controls. If the employer has a legitimate interest in the checks and controls affect only slightly or not the rights of the employee, the employer is generally lawful. Accesses the employer to monitor for technical equipment back, for example, video cameras, time attendance systems, or electronic access controls, the works council or staff to § 87 Section 1 Subsection has a say, 6 WCA.

Often, for data protection required by § 4e BDSG process descriptions can be reused by technical means during operation agreements or service agreements for power and control of behavior and thus greatly simplify the cooperation between the works council and management.

Interception of telecommunications

The Federal Constitutional Court has specified the constitutional framework for accessing communication content in the Decision of 9 October 2002:

According to the provisions of the Constitutional Court of the constitutional protection granted under Article 10 paragraph 1 GG for all content (private as well as business) and for all types of transmission ( telephone, fax, VoIP, e- mail, SMS, MMS, Instant Messaging / XMPP, Skype, FaceTime, etc ).

Video surveillance in the workplace

A video surveillance by the employer provides for the monitoring of pressure associated with it a distinct change in the general right of the workers concerned dar. Therefore, it is permitted only in exceptional cases. Recognized reasons for a valid video surveillance are a particular need for security (eg video surveillance of the switch room of a bank). From the last agent in a self-defense or self-defense -like situation being said, must be "open" video surveillance. The video surveillance is also subject to the participation of the Works.

The Federal Labour Court has in Decision 1 ABR 21/ 03 dated 29.06.2004 very thoroughly examined with an operating agreement of a conciliation board for video surveillance in an operation and canceled this operating agreement due to serious deficiencies. In Order 1 ABR 16 /07 of 26.8.2008, the Federal Labour Court has again an operating agreement for video surveillance in operation analyzed and presented, based on which the safeguards agreement submitted ( except for a few minor errors ) is acceptable. In contrast, describes the older BAG- judgment 2 AZR 51 /02 of 27.3.2003, under what specific conditions an unauthorized covert video surveillance by the employer in a specific case can be excluded from an evidence recovery ban. See also the analysis of the BAG- judgment 2 AZR 485 /08 of 16.12.2010, paragraph 29 et seq.

In March 2008, Stern magazine reported on secret surveillance measures at the discount chain Lidl. Employees and customers had been filmed and played back without their knowledge. The company admitted that it was " limited in time with detective with camera equipment and in stores with extremely high inventory losses " work with. This is being done in order to " prevent inventory losses caused by theft ". A systematic spying was not intentional. In September 2008, the authorities responsible for Lidl supervisors verhingen for data protection fines totaling 1.462 million euros.

Networks and PC Monitoring

Access rules and access rules are essential to data security. Therefore, each user must identify on a secure network. An anonymous access is not allowed in the rule that access to legitimate and secure data and changes to it will also be recorded separately. This is already demanding the internationally standardized process model according to ISO 15408 ( Common Criteria ).

Regulations regarding the monitoring of the PC activities of employees can be found among others in the Bildschirmarbeitsverordnung and in the Works Constitution Act. According to paragraph 22 of the Annex to Bildschirmarbeitsverordnung may " [o ] ithout knowledge of the user [ ... ] are not used device for the qualitative or quantitative control." Thus, the employer is a secret use of surveillance software and hardware such as keyloggers prohibited. § 87 Paragraph 1 No. 6 WCA also stipulates that " the introduction and application of technical facilities that are intended to monitor the behavior or performance of the workers ," the participation of the Works or in the public service of the Staff Council, cf 3 75 para 3 no subject BPersVG 17.

History of employee data protection in Germany

1984-2000

The state of Hesse took over in 1986 in the Hessian Data Protection Act ( HDSG ) a provision for employee data protection. § 34 HDSG certain that employment data may be processed only if necessary for the entering into, execution, termination or completion of the service or employment or for carrying out intra THE SERVICE, planning, organizational, social and human action is required or a piece of legislation, a collective agreement or a service agreement provides for it. This provision was the first of its kind in Germany. It shall apply with few changes to the present, but only in the state of Hesse and only for government agencies and other public employers.

In 1984, the Data Protection Officer of the Federation and the countries called for the first time area-specific legal provisions on employee privacy. In 1992, she featured on principles for an Employee Data Protection Act. Trade unions have also campaigned for legislation. So put, for example, the German Confederation of Trade Unions in the year prior to 1999 vertices for a law on employee data protection.

The German Bundestag and the Bundesrat also saw action. The Bundestag passed several resolutions, in which it invited the respective government to work out a bill.

In 2000, led by Gerhard Schröder federal government planned by his own admission the presentation of a corresponding law, which should have the name "Law on information and communication in the employment relationship ." The project was not realized. The work on the law were set.

2001-2010

A portion of the employee data protection regulates the decision made in 2009 Gendiagnostikgesetz ( GenDG ). In Section 5 of the Act stipulates the conditions under which genetic testing in the workplace are allowed. The principle that an employer may not require that an employee or applicant can perform genetic tests or analyzes to be valid. The employer may test results do not accept or use ( § 19 GenDG ). Excluded from this prohibition are diagnostic genetic testing in the context of occupational medical examinations for employees in particular jobs (§ 20 GenDG ). The labor laws of Gendiagnostikgesetz occurred on 1 February 2010.

In the years 2008/2009 it was announced that major German companies such as the food discounters Lidl and the German railway had monitored their employees with partially improper methods. Special attention gained monitoring affair of Deutsche Telekom. Due to these incidents, the now led by Angela Merkel, German Federal Government decided in February 2009 to begin work on an Employee Data Protection Act again. The Federal Ministry of Labour and Social Affairs created then the draft "Law on data protection in employment ( employee data protection law - BDatG ) ", which was introduced by Labor Minister Olaf Scholz in September 2009 in the discussion. In view of the forthcoming parliamentary elections, the draft was not adopted by the CDU / CSU - SPD government.

After the change of government in 2009, the CDU / CSU and FDP agreed on creating no separate law on employee data protection, but instead the German Federal Data Protection Act to supplement a chapter on data protection for employees. The lead for this proposed legislation was referred to the Federal Ministry of the Interior. On 1 April 2010, Federal Interior Minister Thomas de Maiziére before cornerstones for a new employee data protection law.