Procedural laws and principles contain a clear concept regarding which party must present and prove what information in court proceedings. Claimants in employment proceedings currently try to use the right to access of data subjects under Article 15 GDPR to shake this concept up.
Judgment of the Higher Labour Court of Baden-Württemberg
On 20 December 2018, the Higher Labour Court of Baden-Württemberg (Landesarbeitsgericht Baden-Wuerttemberg – “LAG”) had to decide on the scope and exceptions of the data subjects’ access right (docket no. 17 Ca 4075/17). The decision was part of a lawsuit against unfair dismissal, made by a former employee against their former employer.
The LAG acknowledged the rights to obtain (i) general information about the employees’ personal data processed by the employer (Article 15(1) GDPR) as well as (ii) a copy of that data (Article 15(3) GDPR). According to the LAG, the copy under Article 15(3) GDPR comprises any of the employee’s personal data processed, including any correspondence, as well as performance and conduct data, even if such personal data was not stored in the employee’s employment file.
In the case at issue, the employer conducted internal investigations regarding operational misconduct of its employees and guaranteed its whistleblowers not to disclose their identity. It was, thus, crucial if the access right under Article 15(3) GDPR was restricted based on the rights and freedoms of others (Article 15(4) GDPR). The LAG supports the view that it may constitute a legitimate interest in the secrecy of the source of information if the employer has assured anonymity to its whistleblowers. However, the LAG emphasises that Article 15(4) GDPR may restrict the access request only to the extent that this is necessary to protect third parties’ secrecy interests, subject to balancing of interests test. The LAG took the view that it is not sufficient to make a general reference to the need for protection of whistleblowers. Instead, the LAG requires that the employer names the particular personal data of the employee to which the alleged third parties’ secrecy interests refer. The LAG held that it is necessary to name the related facts, the incident, the topic in terms of time and locality, and the acting persons in that regard.