|OVERVIEW||Germany is regarded as having the strictest data protection laws in the world. Germany privacy and data protection laws are vigorously enforced.|
|GENERAL PRIVACY LAWS||Article 10 of Basic Law (the German Constitution) provides basic privacy protections for letters, posts and telecommunications.|
|PERSONAL DATA PROTECTION LAWS AND REGULATIONS||
Germany has one of the strictest data protection laws in the world, both at the state (Land) and at the federal levels
Federal Data Protection Law, 2002, implements the requirements of the EU Data Protection Directive.
The Law applies to data controllers located in Germany or to those located outside Germany but processing personal data in Germany.
The Act on Employee Data Protection goes into effect in 2011. This Act provides significant privacy rights for employees and regulates the collection and use of employee personal information throughout the employment relationship.
|TYPE OF DATA PROTECTED||Personal Data.|
|WORKPLACE PRIVACY LAWS||
Currently, no law specifically governing workplace privacy; however, several laws have implications for workplace where the employer has permitted private use of email and the Internet. And, the Act on Employee Data Protection will regulate all aspects of processing of employee personal information. Specifically included is surveillance, the use of location tracking systems, biometric procedures and the use of telecommunication services. Also covered is the collection of personal data from social networking.
The Works Constitution Act gives works councils co-determination rights over: rules of conduct where the employer permits the use of company email systems for private purposes; and introduction and use of technical equipment intended to monitor conduct or performance of employees.
For job-related emails, under section 4, 28 para. 1 no. 1 and 2 of the Federal Data Protection Act, monitoring is permissible if: (a) it is required for purposes of carrying out the employment contract; (b) justified by a prevailing interest of the employer. Consent from the employee is not required.
For job-related emails, the employer can monitor information about the sender, recipient, time, date, data volume, etc. The employer is also entitled to monitor content of such emails. However, the employee may not systematically check all emails of an employee in order to control the employee’s performance. If private emails are detected, then the employer should disregard them once it is detected that they are private.
If the employer allows private emails, then the employer is regarded as a telecommunications service provider under the provisions of the Telecommunication Act. In such a situation, the employer is not allowed to monitor private emails. Any information gathered from such private emails could only be used for providing services.
The Data Protection Act contains restrictions on the transfer of personal data to third countries outside of the European Economic Area (EEA). Personal data can be transferred to another country only if that country ensures the level of data protection that corresponds to the level of data protection in Germany.
Article 4b of the Federal Data Protection Act complies with the requirements of the EU Data Protection Directive.
|FINES AND SANCTIONS||
Administrative offences may be punished by a fine from €50,000 to €300,000. The fine should exceed the financial benefit to the perpetrator derived from the administrative offence. If the amounts mentioned in the first sentence are not sufficient to do so, they may be increased.
Criminal penalties are also possible with imprisonment up to two years and monetary fines.
|OTHER PRIVACY LAWS AND REGULATIONS||Telecommunications Act of 22 June 2004|