Employers may collect browser data of their employees without their approval, if (1) there is reasonable suspicion that the employee uses his (business) computer and/or the office internet improperly and (2) there is no other means to prove this improper use than the collection of browser data (LAG Berlin-Brandenburg, Urt. v. 14.01.2016 – 5 Sa 657/15).
In the case ruled by the Higher Labour Court in Berlin (Landesarbeitsgericht, the “LAG”), the employer had given to the employee a computer for business purposes. Private use of the internet was only permitted in exceptional cases and during breaks (which seems to be a quite common regulation).
After there had been indications that the employee was using the internet for private purposes significantly more than this, the employer started to read out and evaluate the browsing history without prior approval of the employee. After finding that the employee had used the office internet for private purposes as much as five out of 30 working days, the employer terminated the employment contract for cause.
The LAG found that this termination was justified and valid. Taking into account the mutual interests of both parties, the improper use of the internet was enough reason to terminate the employment contract immediately. Even if the browser data is personal data falling under the scope of German data protection laws, the results of the evaluation of the browser history can be used in court proceedings for two reasons:
- Because the German Data Protection Act (Bundesdatenschutzgesetz, the “BDSG”) allows the storage and the exploitation of the browsing history for the purpose of abuse control without the approval of the data subject (the employee); and
- Because the employer did not have another possibilty to prove the scope of the abuse by the employee.
The LAG stated explicitly, when and in how far an employer has the right to control what his employees are doing on the internet:
- If there is an explicit regulation and
- If there is reasonable suspicion that an employee does not comply with such regulation.
For employers, this means that they have to be very clear when and in how far the office internet (and moreover, office computers) may be used for private purposes. If there is such regulation (preferably in written form), and if and employer has reasonable suspicion with regard to a certain employee, that this employee does not comply, he may read out and evaluate the browsing history. However, the court left open which requirements apply for the “reasonable” suspicion. This will have to be clarified in the future.
The ruling is not final. The LAG permitted an appeal to the Federal Labour Court (Bundesarbeitsgericht).