In view of the widespread activity of home offices since the outbreak of the Corona pandemic and the associated problems and risks, we would like to take this opportunity to once again refer to the Federal Labour Court (BAG) ruling on access to the contents of a privately used device (BAG, dated January 31, 2019 – 2 AZR 426/18). According to this ruling, the employer is entitled to view files that are located on a business device and are not marked as “private” or are obviously private in nature – even if there is no justified suspicion of a criminal offence or serious breach of duty.
In the case on which the decision is based, the plaintiff received from the defendant a car together with a fuel card for private use. In May 2013, the defendant reviewed the plaintiff’s work laptop as part of an internal audit. The background to the laptop review was the defendant’s suspicion that the plaintiff had illegally released documents to third parties. During the search, the defendant discovered the file “Tankbelege.xls.” in a folder “DW” created by the employee. It contained a list of the refuelling carried out by the plaintiff with the fuel card. Based on the fuel quantities recorded there, the refuelling data and the refuelling locations, the defendant at least strongly suspected that the plaintiff had not only refuelled his company car at the employer’s expense. The defendant therefore terminated the employment relationship on the basis of the urgent suspicion of a breach of duty in an extraordinarily. The plaintiff brought an action for dismissal protection against this. In the opinion of the plaintiff, the review and evaluation of the aforementioned file violated data protection law. The results of the examination of his business laptop were therefore unusable.
The judges in Erfurt saw this differently and decided in favour of the defendant: The inspection of the file “Tankbelege.xls.” and the further processing and use of the knowledge gained from it was permissible from a data protection point of view. There was therefore no prohibition of evaluation. According to sec. 32 para. 1 sentence 1 old version of the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) (now sec. 26 para. 1 sentence 1 BDSG), personal data of an employee may be collected, processed or used for the purposes of the employment relationship, among others, if this is necessary for its execution or termination.
However, the employer must always carry out a proportionality check before collecting and processing personal data of employees. In particular, the general personal rights of the employee must be taken into account. This must be weighed against the employer’s legitimate interest in checking whether the employee fulfils his or her obligations under the employment contract. Accordingly, the collection, processing or use of data must not represent an excessive burden for the employee and must correspond to the significance of the employer’s interest in information.
However, data collection, processing or use may be permissible even without the existence of an initial suspicion based on facts. This applies in particular to open surveillance measures carried out according to abstract criteria, which do not place any employee under particular suspicion, and which serve to prevent breaches of duty and are not arbitrary.
The employer-friendly decision of the BAG is welcome: if data are collected in accordance with data protection law, they may also be used against the employee. The BAG also recognises the necessity of open investigation measures in the employment relationship. The decision is, however, limited to business data. If, on the other hand, data is marked as “private” or is obviously of a private nature, the employer may not inspect it. Furthermore, the employee must regularly be given reasonable notice of such an investigation in advance in order to give the employee sufficient time to mark folders and files as “private” and thus exclude them from being inspected.