CMS NewsMonitor Employment | Episode 40
Published on July 08
The importance of the interplay between data protection and works constitution law is illustrated by a recent decision of the Federal Labor Court (8 AZR 209/21).
The ruling was based on the following facts: As part of the group-wide introduction of a uniform personnel information system (Workday), the defendant employer, a group company, was to enter various personal employee data (including personnel number, name, telephone number, date of entry, email address) into the system for testing purposes. This was based on a works agreement concluded with the works council. However, the employer not only transferred the data covered by the works agreement to Workday, but also salary information, private home addresses, dates of birth, ages, marital status, social security numbers, and tax ID numbers.
An affected employee then sued for damages under Art. 82 GDPR. The Federal Labor Court partially upheld the claim and clarified that the transfer of data beyond the scope of the works agreement was not necessary within the meaning of Art. 6 (1) lit. f GDPR. The court left open the question of whether the data processing regulated in the works agreement was justified, as the plaintiff did not pursue this point further.
The case illustrates how essential it is to carefully coordinate works constitution law and data protection law. Under Austrian law (Section 96a (1) (1) ArbVG), a works agreement is also mandatory for the processing of personal data that goes beyond general personal details and professional requirements – a circumstance that affects almost all common IT tools.
Nevertheless, a works agreement cannot override data protection requirements: it cannot establish a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR where no such interest exists. Nor can it permit data processing if the constitutionally protected interests of the employees outweigh those of the employer. Nevertheless, the works agreement plays a central role in balancing the conflicting interests – the legitimate interest of the employer on the one hand and the interests of the employees worthy of protection on the other. It is therefore advisable to draft works agreements in such a way that they adequately regulate this interaction and thus create legal certainty.
Given the dynamic nature of modern system landscapes, it is hardly practical to conclude individual works agreements for each (new) system component. Framework works agreements, which set standards but still require a separate agreement for each system, also have their limitations. Our solution is therefore to develop a comprehensive works agreement that covers the entire existing and future system landscape – including AI applications – in a largely dynamic manner.
If you need support in (re)designing your works agreement landscape or reviewing your data protection principles, we will be happy to advise you.
