Revision of current data protection legislation in Germany has been the subject of debate before the German parliament since 2009. A draft Bill which resulted was heavily criticised by both trade unions and employer associations. However, it appears that the debate may have re-ignited recently and the most recent version draft legislation could become law in the near future.
The focus of the Bill, so far as employers are concerned, is the protection of data relating to job applicants and employees. The main new elements include explicit regulation of the detection and prevention of criminal offences or serious breaches of obligation, use of video surveillance and the use of biometric assessments and telecommunications services.
In the context of recruitment, the draft legislation includes clear guidance as to the information a prospective employer is entitled to request during the application process. This is limited to such information as is necessary for determining the applicant's suitability for the post. In addition, the proposals seek to regulate employer access to social networks.
In the wider context of the transfer of data, the new proposals would allow an intra-group exemption, enabling employee data to be transmitted between legally independent enterprises "to the extent that the transmission is required to preserve a legitimate interest arising from the affiliation to the group", providing the employee has no overriding legitimate interest requiring protection.
As currently drafted, deviations from the regulations will still be possible where consent is obtained or a workforce agreement is in place. As a result, works councils will continue to play an important role in how the regulation of data protection applies in the work place.
Should the proposed Bill be adopted, the new regulations could be implemented as early as the start of 2013. It appears there would be no conflict with EU regulation on data protection since Art. 82 of the EU Regulation published in January 2012 expressly authorises EU Member States to regulate the protection of data within the scope of employment relationships.