|
|
This is total surveillance! This shouldn't be allowed under data protection law!" We hear these and many other statements again and again when it comes to enforcing the BAG ruling from September 2022. We understand the dissatisfaction with this topic. Data protection has been a controversial topic for many years - triggered by the new General Data Protection Regulation of 2018, but especially since a large part of our data is stored online due to Corona. In this article, we want to break down what needs to be considered in terms of data protection law when it comes to recording working hours.
Person with mobile phone with the clockin app in the phone in front of wood cutting machine, foreground symbols for data protection in hexagons
Disclaimer: All information on the pages of this website is for general information purposes only. It does not constitute legal advice in individual cases and cannot and should not replace such advice.
Which data may be collected?
According to Section 16 Paragraph 2 of the Working Cell Phone Number Database Hours Act, employers are legally obliged to record overtime and work on Sundays and public holidays. This means that the introduction of a time recording system is required by law .
Section 26 Paragraph 1 of the Federal Data Protection Act also legitimizes the recording of working hours for the purpose of carrying out the employment relationship. However, there is (as yet) no law on recording working hours and therefore no requirement tailored to this specific situation.
There are no rules about how this recording takes place. Whether it is done using the traditional timesheet, a software or app, or a time clock is up to each company.
How might the data be used?
As previously mentioned, when recording working hours, not only labor law applies , but also administrative law - specifically the Federal Data Protection Act , which has been consolidated in the cross-border EU General Data Protection Regulation ( GDPR ) since May 2018. This is because the data generated by recording working hours is considered personal data . Personal data is understood to mean all information that relates to an identified person or identifiable natural person. By linking working hours (information) and employee (identified person), this is therefore personal data.
Section 1 of the Federal Data Protection Act states: “The purpose of this law is to protect individuals from having their personal rights infringed upon by the handling of their personal data.” This means that the Federal Data Protection Act (BDSG) applies to the recording of working hours and thus protects the recorded data from misuse or unlawful disclosure.
So let’s break down the associated principles and requirements of the BDSG:
access and entry control
Access to the system used to process the data must be limited . Access must also be secured so that no one without authorization has access to the data collected
distribution control
The BDSG stipulates that not only the unauthorized reading of personal data, but also the copying or removal of this data must be prevented. This includes not only restricting access, but also the manipulation of data by unauthorized persons. This can take place via login data, locked filing cabinets or rooms, or simple input codes.
|
|
發表於 12:50:17