Works Council

Not only large, internationally operating corporations but also small and medium sized-companies implement new IT systems in order to meet the increasing expectations regarding security aspects. Facing an increasing need to secure data, companies implement IT-Systems to make their work more efficient or simply to keep pace with the rapid development on the mobile device market. The functions of these systems are almost limitless. As an example, we already supported clients in this context and observed the implementation of systems, tools, etc.

Even though negotiating a Works Agreements in the context of implementing such a system is often an additional time-consuming hurdle. Two core functions are essential for employee Data Protection:

On the one hand, Works Agreements are the primary instrument with which the Works Council (or a general or group Works Council) can act out its co-determination rights. On the other hand, Works Agreements are also very important to balance conflicts of interests under Data Protection Law. Thus, Works Agreements are a useful legal basis for the collection, processing and use of employees’ Personal Data.

In this “double function“, both co-determination as well as Data Protection Regulations must be considered when drafting Works Agreements, so that a close cooperation between the Data Protection Officer and the Works Council is required.

IT-framework agreements

First step: laying down general rules for handling IT systems in so-called IT framework agreements. In our experience, this has proved to be very successful in terms of a pragmatic, contemporary approach to new developments. When using a new system, general regulations can also be linked to an existing environment.

A conflict between employees’ and employers’ interests arises when employees fear that monitoring is taking place at there workplace. In this context, it is necessary to observe the Works Council’s mandatory right of co-determination for example in Germany. This provision stipulates that the right of co-determination applies to “the introduction and use of technical equipment intended to monitor workers’ behavior or performance”.

According to the case law of the German Labor Courts, in addition to “Right of instruction “, an objective suitability of the technical equipment is sufficient for this purpose, regardless of the employer’s intention to supervise his employees or not.

As soon as it is theoretically possible for the technical equipment to record, log or otherwise process employee data, an agreement must be reached with the Works Council before this equipment is implemented. These systems include time recording systems, e-mail encryption systems and IT security systems. The implementation of which requires the involvement of the works council.

Before drafting a Works Agreement, corporations need to particularly clarify the following questions:

  • What technical functionalities does the planned technology offer?
  • Which function is required and used for which purpose?
  • Who has access to this data?
  • Which data are directly affected by the functionality?
  • Are other data indirectly affected, e.g. by logging?
  • Should reports of logged data take place within the group of companies?
  • Is there cross-border data flow?
  • How long are the retention periods and is there an automatic deletion process after they have expired?
  • Can the rights of data subjects required under the GDPR also be guaranteed for the new systems?
  • Are employees sufficiently informed in the WAs about the circumstances concerning their personal data?

Finally, the handling of employee data should always be communicated openly and in a transparent manner. Information to employees about the introduction of the new technology should usually accompany a Works Agreement. Our experience includes not only the preparatory consultations for a Works Agreement but also the negotiations with, for example, the Works Council. We will be happy to assist you throughout the agreement process, may it be as support for the employer or the Works Council, or as a neutral person with Data Protection expertise for the proper agreement between both parties.

Even if you do not want to introduce new systems, it is advisable to check your previously completed Works Agreements. The GDPR has created new legal bases and obligations for employee Data Protection. In particular, you must ensure the fulfillment of the information obligations pursuant to Art. 13 and 14 GDPR. In order to avoid re-negotiating the existing Works Agreements, which could also lead to an unfavorable new regulation, and to ensure rapid implementation of the Data Protection Regulations, we recommend the conclusion of a framework Works Agreement on the subject of Data Protection which supplements or replaces the previously implemented Works Agreements.