Just in time for the 10th anniversary of the German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG) the European Court of Justice (ECJ) has clarified that European anti-discrimination law does not protect mock applicants, i.e. applicants who are not interested in being hired, but solely apply in order to bring claims on the grounds of discrimination. The judgment will make it easier for companies in Europe to reject such discrimination claims in the future.
Last week, Germany’s Financial Supervisory Authority (BaFin) unveiled a centralized platform for receiving whistleblower complaints, including anonymous complaints, of alleged violations of supervisory provisions within the financial sector. The move appears to represent a shift in German ideology toward a more favorable view of anonymous reporting, which for many years was discouraged in Germany and more broadly in the EU due to the risk of “organized systems of denouncement.” Under the new program, whistleblowers may submit reports in writing (on paper or electronically), by phone (with or without recording the conversation), or verbally. BaFin’s press release announcing the program states that it will make the anonymity of whistleblowers a “top priority,” and that it will not pass on the identity of whistleblowers to third parties. The program is “aimed at person with a special knowledge of a company’s internal affairs – for example because they are employed there or have some other contractual relationship or relationship of trust with the company.”
BaFin was required to implement this new platform due to an amendment to the German Act on Financial Services Supervision. Notably, the Act only applies to the financial services sector, not including external accountants, tax consultants and attorneys. It provides that employees working in the financial services sector may not be held liable for reporting potential or actual breaches of law under either employment law or criminal law, unless the report was false or grossly negligent.
After the Court of Justice of the European Union declared the EU-U.S. Safe Harbor Framework invalid in October 2015, multinational companies with employees in the EU are facing the question how to legally transfer personal data. Current developments in the process of the proposed EU-U.S. Privacy Shield result in further uncertainty for companies relying on transatlantic data flows.
Employee Data Protection in the EU is subject to major changes, notable to multinational companies with employees in the EU.
A few days ago, after 4 years of negotiation, the European Parliament adopted the General Data Protection Regulation (“GDPR”). As it is planned to be effective in 2018, companies should be aware that they only have two years from now to prepare for compliance.