Making sense of the data protection landscape

Against the backdrop of digitalisation, up-to-date data protection law is important. With the General Data Protection Regulation, Europe has set the course for the realignment of data protection.

The new data protection regulations mean that the EU has a high level of data protection. Germany has adapted its national data protection law to the European requirements and created regulations for employee data protection in the Federal Data Protection Act. The implementation of the new regulations still poses challenges for employers. Employers must be provided with practical assistance in order to implement and apply the regulations in a legally secure manner. A stand-alone Employee Data Protection Act is neither necessary nor does it facilitate application in practice. The aim is to create legal certainty for employers and employees and to reduce unnecessary bureaucratic hurdles.

In practice, collective agreements such as works agreements have proven their worth in establishing practical arrangements for the processing of personal data between employers and employee representatives. The General Data Protection Regulation and the revised Federal Data Protection Act rightly provide that these tried and tested instruments can continue to be used. They must not be unduly burdened by new requirements. Regulations through collective bargaining agreements, works agreements or individual agreements enable the fast and better adaptation to technical progress that is necessary in the age of digitalisation. Rigid legal requirements hinder technical progress - also in the employment relationship.

Employee data protection
The possibility of being able to consent to the processing of one's data is an expression of private autonomy. It is therefore essential that the General Data Protection Regulation and the revised Federal Data Protection Act continue to permit the granting of consent in the employment relationship. However, new, unclear requirements that overburden employers and employees are a cause for concern. For example, consent is to be given voluntarily if the employer and the employee are pursuing similar interests. When this is the case remains largely unclear.
In the further development, specific restrictions of data protection law must be reviewed for their meaningfulness. Digitisation and, as a consequence, the processing of large amounts of data must be appropriately flanked by legal regulations. Legal requirements must not stand in the way of the processing and further use of such data. They must help employees and employers to use this data and turn it into opportunities for companies and employees.