Since 1 September 2009 protection of employee personal data has been regulated by Section 32 of the Federal Data Protection Act (BDSG).
Section 32 BDSG was enacted as a reaction to many cases involving employers implementing inappropriate/illegal monitoring of employees. The regulation was designed to codify the German case law in order to ensure employees' right to privacy was adequately protected. However, the legislator failed to achieve legal certainty with Section 32 BDSG. Accordingly, it is envisaged that new legislation in this respect will shortly be passed in Parliament.
The new legislation proposed by the federal government, comprising 13 sections (Sec. 32 to 32l BDSG), is designed to strengthen the protection afforded to employees by, inter alia, incorporating the current case law on this subject. The most notable new regulations cover the following issues:
- Extensive data protection during the recruitment process. Notable in this regard is the fact that employers will in most cases be prohibited from gathering data via social networks.
- Rules on employees' usage of telecommunication services (i.e. phones, internet, fax etc) at work.
- Scope of employers' ability to monitor their employees in order to observe compliance guidelines etc. and to combat corruption.
- Prohibition of permanent video surveillance at work.
- The use of GPS positioning systems and biometric data within the employment relationship.
- New rules regarding obtaining employees' consent to the processing of their data and the possibility of legitimatising the use of data by means of works council agreements.
The legislative procedure is in one of the final stages but the legislation still needs to pass Parliament. It will go to a formal first reading in Parliament on 24 February 2011.