In a series of recent verdicts since 2011, Higher Labor Courts in Germany have increased the employer’s scope to monitor and control employees’ use of provided company IT and to sanction breaches of contract and statutory law discovered hereby. While the protection of the employee’s privacy and right to self-determination regarding his personal data had been the focus of the jurisdiction in the past, labor law jurisdiction has now strengthened the employer’s rights of ownership (as to their company IT) and of profession. This enables employers to track unlawful action committed by their employees on electronic devices in a more efficient way and will support employers particularly in the maintenance of their business operations, in litigation procedures against employees as well as in internal company (compliance) investigations.
1. Verdict by the Higher Labor Court Berlin-Brandenburg from February 16, 2011 (4 Sa 2132/10)
Until 2011, the employer’s possibility to access and control the computer of an employee, which was furnished by the employer in order for the employee to fulfill his contractual obligations, with regard to possible breaches of law depended on whether the employer had allowed the use of such computer for business purposes only or also for private use. According to lower German labor courts and German scholars, the grant of private use of company IT qualified employers as “providers of telecommunication services” in the sense of the German Telemedia Act (Telemediengesetz; “TMG”) and German Telecommunications Act (Telekommunikationsgesetz; “TKG”) to the effect that the employers were deemed to be subject to the requirements of the “secrecy of telecommunications” (Fernmeldegeheimnis). Such secrecy of telecommunication bans the respective service provider from reviewing “the contents and the detailed circumstances” of any communication that takes place via its communication channels. Lower German labor courts and German scholars argued that, due to the grant of private use of email and internet, employers could not be treated in a different way than professional providers of telecommunication services, such as AOL or T-Mobile, as the respective communication would no longer only relate to internal affairs of the company. Instead, there would be a risk that the employer takes note of private communication as well even if he intends to check business communication only.
By its verdict dated February 16, 2011, file reference number 4 Sa 2132/10 (see full text), the Higher Labor Court Berlin-Brandenburg amended this jurisdiction by giving up the hitherto existing aforementioned differentiation between sole business and allowed private use of the provided IT, and determined that in both cases access to the computer of an employee can be justified if the requirements of the German Data Protection Act (“Bundesdatenschutzgesetz; “BDSG”) are being met. The applicable provisions of the BDSG require that the protected rights of all involved parties, i.e. employer and employee, have to be balanced and that all relevant circumstances in the individual case at hand must be taken into consideration. In this regard, the employer must, in particular, ensure that no other measure is available which is “less severe” and which meets the pursued purpose of the control of the computer of the employee just as good.
The case at hand dealt with an employee working in the sales department of the employer who was also allowed the private use of company IT and who had been sick for several weeks. The employee had not activated the Out of Office Assistant (as requested). Therefore, the employer was not able to access the mailbox of the sick employee and, consequently, to handle and process the e-mail requests by customers of the company which were sent to the sick employee. As less severe means, the employer asked the employee to provide access to the e-mail account – to no avail. The employer then announced that he will access the e-mail account of the employee himself and granted the employee or a person of his trust, as well as a representative of the works council the right to join the access of the e-mail account. Eventually, the employer accessed the e-mail account of the sick employee, opened the e-mails received from customers and printed all relevant customers requests out.
Since he was granted the right to use the company IT as well, the employee felt that his protected secrecy of telecommunications was unlawfully affected and filed a claim for injunction against the employer. However, the Higher Labor Court Berlin-Brandenburg rejected such claim, arguing that in the case at hand the employer’s right to maintain due course of business operations overbalance the employee’s right to privacy.
2. Verdict by the Higher Labor Court Hamm from July 10, 2012 (14 Sa 1711/10)
These principles defined by the Higher Labor Court Berlin-Brandenburg were confirmed by a subsequent decision by the Higher Labor Court Hamm in July 2012 in which the court allowed the review of the internet log files saved on the computer of an employee and the exploitation of the results found hereby, even though the affected employee had also been granted the right to private use of the company IT. In such case, the employer suspected an employee to have sold missing company hardware on “eBay”, assuming that the employee either stole such hardware himself or deliberately sold it as a good stolen by someone else. In order to prove such allegation and to justify the termination of the employment with such employee with cause and immediate effect, the employer used chat protocols from the instant messaging service “SKYPE” which were available from the employee’s computer and which documented a conversation between the employee and another person that strongly indicated the employee’s personal participation in the aforementioned action.
The employee argued in court, among other things, that he did not consent to the use of the chat protocols. Without such consent, the use of the protocols would breach the employer’s legal obligation to comply with the secrecy of telecommunications and the provisions of the applicable German Data Protection Act.
The court, however, stated that the secrecy of telecommunications is not impaired by making use of said chat protocols which were saved on the personal computer of the employee even after the chat took place. These chat protocols would not be “ongoing communication” themselves; instead, they would only be “the saved contents and circumstances of a finished communication”. Furthermore, when balancing all protected rights of the parties in the case at hand, the court considered on behalf of the employer that he had previously informed all employees that (i) they could not expect confidentiality with regard to personal affairs if they used company IT for private purposes and (ii) the employer would control the use of telephones and computer and e-mail systems.
In any event, according to the Higher Labor Court Hamm, the interest of the employer regarding the clarification of a possible criminal offence and/or a significant breach of trust by the employee outweighs the employee’s interest in his data privacy. According to the argumentation by the Court, the employee himself had actively reduced his own data privacy by using the services of SKYPE on his business computer. When developing illegal activities against his own employer, an employee would need to expect that such employer will hold up any and all marks left by the employee through the use of electronic company resources.
3. Verdict by the Higher Labor Court Hamm from October 10, 2012 (3 Sa 644/12)
Such conclusions were upheld by the same court in a current decision dated October 10, 2012. This verdict dealt with the dismissal for cause of an apprentice (Auszubildender) who called his employer, among others, an “oppressor” and “exploiter” on his personal Facebook profile under the section “employer”. The Court considered this to be a relevant offence of the employer. Even though apprentices enjoy a special protection against dismissals under German Labor Law, the Court explicated in its verdict that the employee could not expect that such offence would not have any legal impact on this traineeship with the employer. By using a social network for this offence, the apprentice made it available to the public and could not hope that it would not be used against him.
The complete reasons for the judgment have not been published yet, but the ongoing tendency of German Labor Courts to limit the privacy rights of the employees are highly visible already.
4. Recommendations for companies
The new case law as set forth above promotes the employers’ rights to access to computers used by their employees. It will become easier for employers to expose breaches of law committed by their employees on hardware provided by the company. However, in each individual case the involvement of an existing works council, if any, and its participation rights granted under German law need to be taken into consideration.
In addition to this, the legislator intends to pass a new statute called “Beschäftigtendatenschutzgesetz”, hereby amending the current provisions of the BDSG. This statute law is likely to have significant impact on the protection of employee data and this area of law in general which has been in a constant state of flux.