- Employee data protection in Germany is currently fragmented and needs to be adapted to the digitalised world of work. The amount and complexity of processed employee data is constantly increasing – a consistent legal basis is lacking.
- The BMI and BMAS key issues paper (2023) and the federal government’s data strategy roadmap (2023) focus on individual aspects. However, the actual perception of employees has not yet been included to any great extent.
- Based on empirical findings, author Dr. Mena Teebken and author Professor Thomas Hess identify the five major data protection challenges and make recommendations for improving employee data protection.
- The approach: High and uniform data protection standards protect the privacy of employees and at the same time offer advantages for companies.
The Policy Brief with the topic “More is more: Better employee data protection for comprehensive use of workplace data” can be found here:
The top five challenges for data protection
Teebken and Hess criticise the current focus on individual aspects and argue for a holistic assessment of the topic. These include five key data protection challenges that correspond to the logic of so-called data lifecycles in the workplace:
- Generation of data: Employees have concerns primarily around the nature of data, a lack of explicit consent, excessive collection and a general loss of control.
- Analysing and processing data: Employees fear implicit monitoring and performance assessment as well as the creation of employee profiles, for example based on artificial intelligence.
- Storage: Employees express considerable concerns, particularly with regard to the storage period and storage outside the European Union.
- Internal and external recipients: Employees are concerned that unauthorised parties could gain access to their private data.
- Implementation of the regulation in the company: Employees are uncertain about the implementation of data protection rules in companies and the effectiveness of government regulation.
Trust through protection: fewer concerns, more data
In this context, Teebken emphasises the positive effects of high standards in employee data protection and sees a need for action:
The opinions, concerns and needs of employees have not yet been sufficiently taken into account. However, research shows that effective data protection increases employee trust and thus reduces privacy concerns. On this basis, the willingness to make data available also increases. The increased trust creates a positive dynamic in which employees and employers alike can benefit from digital work and the associated availability of data.Dr. Mena Teebken To the profile
Five recommendations: How data protection should be adapted
How data protection can be organised more effectively in the workplace depends on various factors. Teebken and Hess derive five recommendations for better employee data protection from the challenges identified:
- Manage data collection responsibly – for example, by limiting it to relevant and necessary data for which the legislator provides clear guidelines or examples.
- Ensure liability and transparency when using artificial intelligence – through a clear legal framework and ethical standards.
- Clearly limit data storage – in particular through regulatory requirements on the duration of data storage and clear guidelines on international data transfer.
- Ensure data protection for internal and external recipients – above all through effective regulations by legislators and employers.
- Sensitise employees and promote transparency – for example by simplifying data protection laws and providing clearer instructions.
Background: Update required – employee data protection is no longer up to date
There is currently no specific law on the protection of employee data in Germany; instead, the relevant provisions are spread across various laws. Current employee data protection is therefore fragmented and no longer up to date. The German government therefore set itself the goal of solving this problem with its 2021 data strategy. In April 2023, the Federal Ministry of Labour and Social Affairs (BMAS) and the Federal Ministry of the Interior and Homeland (BMI) published a key issues paper on the revision of employee data protection. In its data strategy roadmap, the Federal Government (BReg) aimed for the fourth quarter of 2023 for the introduction of the revised Employee Data Protection Act. However, no further development of employee data protection has yet taken place. The new publication outlines which aspects should be included.
Mena Teebken works at the bidt on the research project “Determinants of data disclosure in the digital workplace”.
Science Communication Manager, bidt
Enquiries about the study
Dr. Mena Teebken
Prof. Dr. Thomas Hess
Member of bidt's Board of Directors | Director of the Institute for Digital Management and New Media, Ludwig-Maximilians-Universität