Private use of the internet and the rights of the employer

Employers may collect browser data of their employees without their approval, if (1) there is reasonable suspicion that the employee uses his (business) computer and/or the office internet improperly and (2) there is no other means to prove this improper use than the collection of browser data (LAG Berlin-Brandenburg, Urt. v. 14.01.2016 – 5 Sa 657/15).

Continue reading

Home office solutions for employees – requirements under German data protection law

Under German data protection law, as well as under the European data protection directive (95/46/EC), there exist no specific provisions that would govern the processing of personal data in home office scenarios. Only few German data protection authorities published recommendations on how or which kind of technical or organizational measures should be implemented, if a company wants to grant its employees the benefit of working at home. The few existing recommendations remain mainly vague and don’t name specific measures which must be taken.
Continue reading

Monetary Penalties for Data Protection Breaches: ICO vs. German DP Authorities

I have just stumbled upon the Information Commissioner’s Office’s  page that informs the British public on the monetary penalties that the ICO has handed down over the last 1 ½ odd years: 26 penalties of about £ 120,000 on average. Not that that kills any of the public authorities and private companies involved (and nor should it). But it shows that where the ICO believes that a breach is serious enough to warrant a monetary penalty the penalties are not only symbolic but designed to at least sting a bit. Continue reading

Art. 82 of the (Draft) General Data Protection Regulation

The (Draft) General Data Protection Regulation being a Regulation it not only aims at fully harmonizing the field of law it covers (as some Directives do) but would achieve that goal by simply being the (only) directly applicable law as far as its reach goes. Plus the Commission’s “empowerment to adopt delegated acts”, of course, which is a rather intriguing idea from a democracy point of view. But that’s another story.

One of the very few areas where the member states are given a certain amount of legislative leeway is set forth in Art. 82 of the Draft Regulation. Continue reading

Employee Data Protection Act to be (Finally) Finalized?

It has been an ongoing (if disrupted) saga since 2010, but it could be that the pending Federal Act on Employee Data Protection (we Germans simply cannot live without regulation on each and every aspect of life) will be finished and pushed through the competent legislative bodies (in 2012 even, as it has been suggested?).

So, what would be new? Well, until now we have been doing with just one, if very abstact, section in the Federal Data Protection Act. Now, we’d enjoy some 13 or so sections, each, not surprisingly, composed of several exhausting paragraphs. Fun for us lawyers, certainly! On the other hand, however, some grey areas (e.g. video surveillance, collecting telecommunications data) would actually be (somewhat) clarified. Yet, the most interesting new development is that, apparently, it would be possible Continue reading