Labor Courts in Germany extend Employer’s Rights to Monitor and Control Employee IT Devices

by Orrick - Global Employment Law Group
Contact

[author: ]

In a series of recent verdicts since 2011, Higher Labor Courts in Germany have increased the employer’s scope to monitor and control employees’ use of provided company IT and to sanction breaches of contract and statutory law discovered hereby. While the protection of the employee’s privacy and right to self-determination regarding his personal data had been the focus of the jurisdiction in the past, labor law jurisdiction has now strengthened the employer’s rights of ownership (as to their company IT) and of profession. This enables employers to track unlawful action committed by their employees on electronic devices in a more efficient way and will support employers particularly in the maintenance of their business operations, in litigation procedures against employees as well as in internal company (compliance) investigations.

1. Verdict by the Higher Labor Court Berlin-Brandenburg from February 16, 2011 (4 Sa 2132/10)

Until 2011, the employer’s possibility to access and control the computer of an employee, which was furnished by the employer in order for the employee to fulfill his contractual obligations, with regard to possible breaches of law depended on whether the employer had allowed the use of such computer for business purposes only or also for private use. According to lower German labor courts and German scholars, the grant of private use of company IT qualified employers as “providers of telecommunication services” in the sense of the German Telemedia Act (Telemediengesetz; “TMG”) and German Telecommunications Act (Telekommunikationsgesetz; “TKG”) to the effect that the employers were deemed to be subject to the requirements of the “secrecy of telecommunications” (Fernmeldegeheimnis). Such secrecy of telecommunication bans the respective service provider from reviewing “the contents and the detailed circumstances” of any communication that takes place via its communication channels. Lower German labor courts and German scholars argued that, due to the grant of private use of email and internet, employers could not be treated in a different way than professional providers of telecommunication services, such as AOL or T-Mobile, as the respective communication would no longer only relate to internal affairs of the company. Instead, there would be a risk that the employer takes note of private communication as well even if he intends to check business communication only.

By its verdict dated February 16, 2011, file reference number 4 Sa 2132/10 (see full text), the Higher Labor Court Berlin-Brandenburg amended this jurisdiction by giving up the hitherto existing aforementioned differentiation between sole business and allowed private use of the provided IT, and determined that in both cases access to the computer of an employee can be justified if the requirements of the German Data Protection Act (“Bundesdatenschutzgesetz; “BDSG”) are being met. The applicable provisions of the BDSG require that the protected rights of all involved parties, i.e. employer and employee, have to be balanced and that all relevant circumstances in the individual case at hand must be taken into consideration. In this regard, the employer must, in particular, ensure that no other measure is available which is “less severe” and which meets the pursued purpose of the control of the computer of the employee just as good.

The case at hand dealt with an employee working in the sales department of the employer who was also allowed the private use of company IT and who had been sick for several weeks. The employee had not activated the Out of Office Assistant (as requested). Therefore, the employer was not able to access the mailbox of the sick employee and, consequently, to handle and process the e-mail requests by customers of the company which were sent to the sick employee. As less severe means, the employer asked the employee to provide access to the e-mail account – to no avail. The employer then announced that he will access the e-mail account of the employee himself and granted the employee or a person of his trust, as well as a representative of the works council the right to join the access of the e-mail account. Eventually, the employer accessed the e-mail account of the sick employee, opened the e-mails received from customers and printed all relevant customers requests out.

Since he was granted the right to use the company IT as well, the employee felt that his protected secrecy of telecommunications was unlawfully affected and filed a claim for injunction against the employer. However, the Higher Labor Court Berlin-Brandenburg rejected such claim, arguing that in the case at hand the employer’s right to maintain due course of business operations overbalance the employee’s right to privacy.

2. Verdict by the Higher Labor Court Hamm from July 10, 2012 (14 Sa 1711/10)

These principles defined by the Higher Labor Court Berlin-Brandenburg were confirmed by a subsequent decision by the Higher Labor Court Hamm in July 2012 in which the court allowed the review of the internet log files saved on the computer of an employee and the exploitation of the results found hereby, even though the affected employee had also been granted the right to private use of the company IT. In such case, the employer suspected an employee to have sold missing company hardware on “eBay”, assuming that the employee either stole such hardware himself or deliberately sold it as a good stolen by someone else. In order to prove such allegation and to justify the termination of the employment with such employee with cause and immediate effect, the employer used chat protocols from the instant messaging service “SKYPE” which were available from the employee’s computer and which documented a conversation between the employee and another person that strongly indicated the employee’s personal participation in the aforementioned action.

The employee argued in court, among other things, that he did not consent to the use of the chat protocols. Without such consent, the use of the protocols would breach the employer’s legal obligation to comply with the secrecy of telecommunications and the provisions of the applicable German Data Protection Act.

The court, however, stated that the secrecy of telecommunications is not impaired by making use of said chat protocols which were saved on the personal computer of the employee even after the chat took place. These chat protocols would not be “ongoing communication” themselves; instead, they would only be “the saved contents and circumstances of a finished communication”. Furthermore, when balancing all protected rights of the parties in the case at hand, the court considered on behalf of the employer that he had previously informed all employees that (i) they could not expect confidentiality with regard to personal affairs if they used company IT for private purposes and (ii) the employer would control the use of telephones and computer and e-mail systems.

In any event, according to the Higher Labor Court Hamm, the interest of the employer regarding the clarification of a possible criminal offence and/or a significant breach of trust by the employee outweighs the employee’s interest in his data privacy. According to the argumentation by the Court, the employee himself had actively reduced his own data privacy by using the services of SKYPE on his business computer. When developing illegal activities against his own employer, an employee would need to expect that such employer will hold up any and all marks left by the employee through the use of electronic company resources.

3. Verdict by the Higher Labor Court Hamm from October 10, 2012 (3 Sa 644/12)

Such conclusions were upheld by the same court in a current decision dated October 10, 2012. This verdict dealt with the dismissal for cause of an apprentice (Auszubildender) who called his employer, among others, an “oppressor” and “exploiter” on his personal Facebook profile under the section “employer”. The Court considered this to be a relevant offence of the employer. Even though apprentices enjoy a special protection against dismissals under German Labor Law, the Court explicated in its verdict that the employee could not expect that such offence would not have any legal impact on this traineeship with the employer. By using a social network for this offence, the apprentice made it available to the public and could not hope that it would not be used against him.

The complete reasons for the judgment have not been published yet, but the ongoing tendency of German Labor Courts to limit the privacy rights of the employees are highly visible already.

4. Recommendations for companies

The new case law as set forth above promotes the employers’ rights to access to computers used by their employees. It will become easier for employers to expose breaches of law committed by their employees on hardware provided by the company. However, in each individual case the involvement of an existing works council, if any, and its participation rights granted under German law need to be taken into consideration.

In addition to this, the legislator intends to pass a new statute called “Beschäftigtendatenschutzgesetz”, hereby amending the current provisions of the BDSG. This statute law is likely to have significant impact on the protection of employee data and this area of law in general which has been in a constant state of flux.

 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Orrick - Global Employment Law Group | Attorney Advertising

Written by:

Orrick - Global Employment Law Group
Contact
more
less

Orrick - Global Employment Law Group on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.