News on the draft bill on employee data protection has been quiet for more than two years. Apparently, the focus has been shifting to European level as all eyes are on the recent proposal for a new regulation to replace the Data Protection Directive 95/46/EC. The regulation would be directly effective without the need to implement domestic laws. The result should be an essentially harmonised regime, albeit with some limited scope for differing local approaches in a few areas.
Quite surprisingly, at the beginning of 2013 it became publicly known that the German legislature has engaged in a new initiative to adopt the bill on employee data protection within an extremely short time frame - of only a few weeks. At first, the government planned for final discussion of the new rules to take place in parliament, in mid- January 2013. In light of the indignation to the proposal, in particular by the German Federal Commissioner for Data Protection, Peter Schaar, the government decided to postpone the initiative for a few weeks. After some protracted seesawing, the draft bill has been put on hold. However, it is expected that the legislation process will recommence shortly.
Below we summarise the most intensely discussed provisions of the draft bill on employee data protection:
- In practice, the most relevant provision for all mid-sized and big companies, in particular for multinationals, includes the facilitation of the transfer of employee data between affiliated companies. The draft bill finally contains a group privilege for employee data where this serves group purposes.
- Collecting data of employees from publicly available sources will be regulated in a more practicable manner. The new bill will probably no longer distinguish between social networks that are primarily used for the presentation of professional qualifications and other social networks which the employer may not use.
- It will be very interesting to see whether it will be allowed to deviate from the new statutory rules by concluding works agreements, if the deviation would result in unfavourable consequences for affected employees.
- There will be more detailed rules on internal investigations and the monitoring of employees. Data screenings involving employee data will be permissible not only if there is concrete evidence of a criminal offence but also in order to fulfil statutory audit or control obligations.
- The draft bill contains special rules for the use of CCTV. Video surveillance at work will still be permissible but only under very restricted circumstances.