The German Federal Labor Court ruled on July 27, 2017, that employees cannot be dismissed without notice for (alleged) working time fraud based on data obtained by the employer through the use of keylogger software, i.e. software that records all of an employee's keyboard input. This verdict presents us with an opportunity to more closely examine the requirements of and limits on employee surveillance.
1. Verdict of the Federal Labor Court from 7/27/2017 – 2 AZR 681/16 (press release no. 31/17)
In the case that led to this verdict, the employer had installed software on the employee's office computer that recorded all of the employee's keyboard input and took screenshots at regular intervals. The employer informed the employees of the use of this software by e-mail. After evaluating the employee's keylogger data, the employer dismissed the employee without notice, and by way of precaution with notice, due to working time fraud and in particular drew upon the keylogger data that had been collected to justify the decision. These data suggested that the employee had used his work computer during working hours to a significant extent to program a computer game for personal use and to send and receive e-mails for his father's business. The Federal Labor Court – as in previous cases – nullified the dismissal.
2. Significant statements of the verdict
The Federal Labor Court ruled that the data from the keylogger software and the knowledge gained from them regarding the private activities of the employee were excluded as evidence in the court proceedings. Specifically, collecting this information was not allowed according to § 32 par. 1 of the German Federal Data Protection Act (BDSG), since the employer, at the time of implementing the software, had no concrete suspicion that the employee was engaging in illegal activity or was otherwise in gross violation of duty. The employer collected the data without a clear reason, simply as a »shot in the dark«, and therefore collected the data in an illegal manner. Furthermore, the Court held that the use of keylogger software was not the mildest available option for determining violation of duty and was therefore excessive. For this reason, the data cannot be used as grounds for the dismissal.
3. Recommended action
The decision of the Federal Labor Court from 7/27/2017 demonstrates the limits but also the requirements for the legal use of collected (keylogger) data. Essentially, the Court bases its reasoning for the exclusion of evidence on a violation of § 32 par. 1 cl. 2 BDSG. Collecting data in the case of suspicion of a crime or another gross violation of duty is allowed according to § 32 par. 1 cl. 2 BDSG if:
- actual indications, i.e. indications based on concrete facts, exist
- which point to a crime or gross violation of duty,
- these facts are documented,
- the collection, processing and use of (keylogger) data is necessary to uncover the crime/gross violation of duty and
- the collection, processing and use is not excessive.
If the employer wants to use (keylogger) software to prove a possible gross violation of duty (e.g. misuse of work time), he/she must demonstrate in detail which concrete circumstances before the use of the software led to the belief that the employee in question was using a work computer or the internet during working time for private use. It is therefore recommended that clear prohibitions be formulated, such as prohibiting private internet use or use of work computers for private purposes, in order to be able to assess and/or document use within these bounds.
Where the employer has documented, concrete indications of misconduct, (secret) surveillance (e.g. using keylogger software) can still only be considered according to the proportionality principle when the suspicion of violation of duty cannot be investigated through milder means. But which milder means come into consideration here? Before a more thorough investigation as in the case decided by the Federal Labor Court, the following measures can be considered:
- First, checking the employee's computer in the employee's presence is an inherently milder measure than secret, permanent surveillance, since the employee is given the opportunity to influence the type of surveillance being carried out and possibly avoid it by giving information freely or providing ad hoc (exonerating) explanations.
- Another milder measure for discovering, for example, forbidden internet use is to evaluate log files. The evaluation of log files should first occur anonymously, and a connection of the data via IP address to a certain computer and therefore a certain employee should only occur when there is evidence of repeated visits to a certain website by a certain IP address.
- Finally, random checks are an inherently milder approach than permanent surveillance as well and should therefore be conducted as a first step.
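The two-stage log file evaluation described in the list above can be sketched as follows. This is an added example, not part of the original article: the log format, the sample lines, the keyed-hash pseudonyms, the threshold of three visits and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample proxy log lines: "<ISO timestamp> <client IP> <URL>"
SAMPLE_LOG = """\
2017-07-03T09:12:01 10.0.0.21 http://games.example/play
2017-07-03T09:40:17 10.0.0.21 http://games.example/play
2017-07-03T10:05:44 10.0.0.34 http://news.example/today
2017-07-04T11:20:09 10.0.0.21 http://games.example/scores
2017-07-04T14:02:30 10.0.0.34 http://games.example/play
"""

def pseudonym(ip: str, key: bytes) -> str:
    """Keyed hash: the analyst sees a stable token instead of the IP address."""
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()[:12]

def anonymous_counts(log_text: str, key: bytes) -> Counter:
    """Stage 1: count visits per (pseudonym, host) without exposing any IP."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, ip, url = parts
        host = urlsplit(url).hostname
        if host:
            counts[(pseudonym(ip, key), host)] += 1
    return counts

def repeated_visits(counts: Counter, threshold: int) -> list:
    """Only (pseudonym, host) pairs at or above the threshold go to stage 2."""
    return sorted(pair for pair, n in counts.items() if n >= threshold)

def resolve(token: str, candidate_ips: list, key: bytes):
    """Stage 2: only the key holder can map a flagged token back to an IP."""
    for ip in candidate_ips:
        if hmac.compare_digest(pseudonym(ip, key), token):
            return ip
    return None

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: held by a separate role
    flagged = repeated_visits(anonymous_counts(SAMPLE_LOG, key), threshold=3)
    for token, host in flagged:
        print(host, token, "->", resolve(token, ["10.0.0.21", "10.0.0.34"], key))
```

Keeping the key with a role separate from the person reviewing the counts is what stops the first stage from identifying a computer or an employee.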