On August 25th, 2010 the Cabinet passed a comprehensive bill amending the German Federal Data Privacy Protection Act. The bill now goes to the German Parliament. A brief overview follows, discussing the most important changes that in all probability will soon become mandatory federal law. [UPDATE January 29th, 2013: The revised amendment on employee data protection was taken off the agenda of relevant parliamentary subcommittee today. As general elections in Germany will take place on September 22nd, 2013, it is unlikely that the amended Federal Data Protection Law will be further discussed or enacted in the current electional period. A summary of the latest developments in German can be found here.]
- Surveillance of business premises primarily used by employees for matters that have to do with their own lives (sanitary facilities, changing rooms and bedders) will be categorically prohibited.
- Covert video surveillance will only be permitted if there are actual clues and grounds for suspicion of crimes or serious breaches of contract. Hence, routine deployment of covert video surveillance will be prohibited.
- Open video surveillance – for example at company entrances or for quality control purposes – will be allowed „in as far as it is necessary for safeguarding important business interests″, if it is not contrary to employees‘ interests and if employees are made aware of the camera.
- Employers are permitted to track the location of an employee during working hours and time spent on standby duty only, that is, not during time off or leave. If employees are permitted to use their company car, for example, for private purposes, GPS tracking of their location will not be permitted during the private use. Even the collection, use and processing of data during working hours and time spent on standby duty will not be permissible unless this is necessary for operational reasons, e.g., when the employee is transporting valuable papers and the employer therefore has a considerable interest in continuously tracking the location of its property.
- Secretly tracking the location of employees is not permissible. In order to provide the required transparency for employees, employers have to make the deployment of a positioning system recognizable and must inform employees of the manner in which the positioning data is used.
Use of Telephone, E-mail, and Internet
The monitoring of an e-mail inbox will only be possible if private use is prohibited, if this is known to employees, and if monitoring is indispensable for carrying out business operations in due manner. Other than this change, the new law does not include a special regulation regarding private use of telecommunication means, so aside from the change regarding e-mail, the current legal requirements continue to apply:
- If employees are permitted to use the employer’s telecommunications systems for business use only, employers are entitled to monitor communication to the degree required, for example, for monitoring of performance and conduct. However, the legitimate protectable interests of employees must always be observed.
- Surveillance of private communication is permitted in rare cases only. Serious suspicion (for example, of industrial spying) and the lack of any other possibility of clarification are required in this respect.
Use of Social Networks
The bill also provides for restrictions on employers regarding the use of so-called „social networks″. In the context of a selection/application procedure, applicant data gained from social networks may only be used if these networks are for the purpose of „describing the professional qualification″.
That means that generally employers may not collect data from social networks like Facebook because this data primarily serves social communication and not professional development. This may well be different in the case of data from networks like LinkedIn that are designed exactly for the purpose of describing professional qualifications. Details in this respect will have to be clarified by the courts.
Health Examinations and Suitability Tests
Health checks and suitability tests will only be permitted if they are necessary to scrutinize an employee’s suitability either because there are actual doubts about their ongoing suitability, or because a change of their function or workplace is intended. Health examinations may only be carried out by doctors and are only permissible if meeting special health requirements is an essential and decisive job requirement.
Prevention of Corruption/Implementation of Compliance Requirements
Employee data already in the employer’s possession may only be compared with other data in its possession (“data replication”) if this comparison is for the detection of criminal offences or other serious breaches of duty committed by the employee. The bill provides for strict requirements for use of such data relating to the prevention of corruption and compliance, as follows:
- Initially, the comparison must be made in a way that preserves employee anonymity.
- The data may only be “personalized” (i.e., may only allow personal identification of the individuals concerned) if such comparison on an anonymous basis gives rise to suspicion of a criminal offence or a serious breach of duty.
- Another prerequisite is that the criminal offence or the serious breach of duty must have been perpetrated in connection with the employment relationship.