YOUR
Search

    29.04.2021

    BAG: Data protection as a trigger for a settlement: a blanket demand for copies of data is insufficient


    Judgment of the Federal Labour Court of 27 April 2021 in Case No. 2 AZR 342/20

     

    The Federal Labour Court (BAG) was asked to take a decision on the practical question of to what extent an employer must provide an employee who is leaving the company with a copy of email correspondence and make all emails available in which the employee was named. The Court was able to leave open the question about the scope of the right to data copies (Article 15 (3) GDPR) because the appeal failed on procedural grounds.

     

    Background

     

    Employers are regularly facing claims that can only be met at significant expense in connection with (threatened) actions against unfair dismissal. Rarely will data protection concerns be paramount. Instead, employees are often more interested in increasing the pressure on their (former) employer as motivation for a proposal of a more generous settlement. Data protection is instead used as a pawn by the parties while the right to self-determination of personal information is rarely the focus.

     

    Claims to the release of comprehensive data copies raise important data protection law issues. When the claim is made for copies of all email exchanges from the whole period of employment, the copies normally reveal personal information not only about the employee making the claim, but also about the communication partner, such as the sender or recipient of each email. The employer is not allowed to simply give out their personal information, even if the employee already knows who they were communicating with. To this extent, the right to data copies under Article 15 (4) GDPR is limited to where the rights and freedoms of other persons are not affected. With respect to any third parties concerned, such as the sender or recipient, the release of email copies constitutes special data processing which requires a legal basis. That is why the employer must either carry out a careful data protection review and document this review before releasing such data copies or ensure that all personal information concerning such third parties is unidentifiable. Both options normally involve considerable effort and expense.

     

    Facts of the case

     

    The judgment of the BAG is based on facts often be found in cases before German courts. The employer terminated the employment relationship during the probationary period. The employee brought an action against unfair dismissal. At the same time, he brought a claim for all information that the employer had about him, as well as a claim for a copy of this information. He requested the release of all emails that he had sent or received or in which he was named under data protection law. The Labour Court dismissed the claim. The Regional Labour Court ordered the employer to release copies of the documents, which were used to respond to his request for information. Otherwise, the Court dismissed the appeal. With his appeal to the BAG, the employee continued to pursue his request for copies of all email communications in which he is named.

     

    Requirement to provide copies of all emails is too “vague”

     

    The appeal to the BAG was unsuccessful on procedural grounds (lack of certainty of the application). In the Court’s view, it remained unclear which email copies had to be provided if the claim for information was executed as the employee had simply claimed all emails in which he “is mentioned by name”. The Claimant had to define the emails so specifically that they could be identified without any doubts in enforcement proceedings. The full text of the judgment is not yet available. However, the press release from the Court indicates that the Erfurt Judges require employees to use a so-called action by stages to first bring a claim for information about which emails concerning the employee are in the employer’s possession. Based on this information, the employee would then be able to provide a sufficiently precise application for the delivery of a copy of the data and enforce his rights.

     

    Consequences for practice

     

    The controversial and very relevant issue of the scope of a claim to a copy of data under data protection law, in particular the extent to which copies of an extensive email portfolio are to be provided, remains unsettled at the highest level. This is unsatisfactory for practice. Failure to properly comply with the right to data copies can result in draconian fines and expensive compensation claims.

     

    At least it has been clarified that a claim to data copies must be sufficiently specific for the courts. The claim therefore contains “procedural hurdles”, which should dissuade employees from randomly making a blanket claim for their whole email correspondence.

     

    Instead, a claim for data copies must be sufficiently specific and stipulate which copies exactly are to be provided. This will provide reasonable limits to the scope of such claims and facilitate the transparency and feasibility of such claims for employers.

     

    Before the highest Court will be able to clarify these data protection law issues, a comparable case with slightly different litigation tactics, such as an action by stages, will need to be brought before the German courts. Employees are unlikely to change their strategy towards their (former) employer, and data protection is unlikely to only become the subject of proceedings when it is the substantive issue. It remains to be seen whether and to what extent an action by stages will be used as such procedures are often very time intensive and thus not expedient for either party.

     

    Practical tip

     

    Companies should therefore continue their data protection approach and only provide copies of employee data, including individual emails, where the employee has specifically requested the data and where such data can be legally provided (for instance, with part of the information blacked out). Often, the claim for information is brought as “leverage” in combination with an action against unfair dismissal and to strengthen the position when negotiating a settlement. In cases of termination of employment during the probationary period, in particular – like that in the case before the BAG – the employee has few arguments in favour of the payment of a settlement due to the lack of protection against unfair dismissal. In a comparable case of the termination of employment and resulting action against unfair dismissal, any claims for information and copies of data under data protection law should be dealt with as part of a “whole deal”. A so-called factual settlement, for example, could be reached where the data protection law claims are recalled or even waived.

     

    Gerd Kaindl

    Susanne Klein

    Lennart Kriebel

     

    E-Commerce Action Plan: Germany’s Strategy…
    On 6 September, the German Federal Ministry of Economics and Technology (“BMWK”)…
    Read more
    Consent Management Regulation - Goodbye co…
    According to a recent study by Bitkom, 76% of internet users feel annoyed by coo…
    Read more
    ADVANT Beiten Advises Aesculap on Sale of TETEC AG to the Canadian Octane Group
    Dusseldorf, 26 June 2024 – The international law firm ADVANT Beiten has provided interdisciplinary advice to Aesculap AG, a subsidiary of the B. Braun group seated in Melsungen, Germany, on the sale of its…
    Read more
    Silent whistleblowers? Effects of the Whistleblower Protection Act on confidentiality agreements
    In addition to the much-publicised obligations, in particular the establishment of reporting channels, the new Whistleblower Protection Act (HinSchG) primarily contains rights for whistleblowers. They now …
    Read more
    Update AI Act - the ten most important questions for users of AI systems
    After the political agreement on the AI Act was effectively announced in the media in December 2023, the now provisionally final version was adopted on 13 March 2024. The AI Act was approved by the Europea…
    Read more
    Artificial intelligence: what is more important than the AI Act?
    The EU recently passed the EU Artificial Intelligence Act (AI Act) with much fanfare. The Act is a milestone (see our blog post for more details). It is really relevant for providers and deployers of AI…
    Read more
    ADVANT Beiten Advises COMEM Group on Acquisition of Weidmann Technologies Deutschland
    Berlin, 2 April 2024 – The international law firm ADVANT Beiten has comprehensively advised COMEM S.p.A., headquartered in Italy, on the acquisition of all shares in Weidmann Technologies Deutschland GmbH,…
    Read more
    The Cyber Resilience Act: What You Should Know Now
    Almost unnoticed in the shadow of the AI Regulation, the so-called Cyber Resilience Act ("CRA") was passed by the European Parliament on March 12, 2024. This comprehensive law introduces extensive security…
    Read more
    Cloud, SaaS and edge business models under fire
    The EU Data Act came into force on January 11, 2024. Up to now, connected products have been the main focus of public interest. However, providers of cloud, SaaS, edge and similar services are also affe…
    Read more