Recording working time in the company and data protection

The recording of working hours can be done in many different ways: the classic time sheet, the time clock, softwares, Apps. The requirements of data protection law must always be observed, especially in the case of extensive working time data, so as not to put your foot in your mouth. Here we discuss the legal basis, access, co-determination rights and continuous monitoring in relation to digital time recording.

Basic obligation to systematically record time

In Germany, only the obligation to record overtime according to § 16 para. 2 ArbZG regulated. But what about the rest of the hours that employees work day in and day out?? In this regard, the ECJ ruled in its judgment of 14. May 2019 took a position. According to the EU Charter of Fundamental Rights, it is the right of every employee that the limitation of maximum working hours and the daily and weekly rest periods are guaranteed. According to the Court of Justice, this right can only be enforced objectively and reliably by means of a system for recording working time.

This ruling has a certain impact on data protection. While it is partly demanded that the legislator extends the documentation obligations of the ArbZG, for example the ArbG Emden (Urt. v. 20.2.2020 – Az. 2 Ca94/19), the EU law is already considered to be directly effective. It will be interesting to see whether, at least in the context of mobile work, the legislator will express itself with regard to time recording.

Systematic time recording is already in use at a large number of companies. There are many aspects to be considered during implementation from a data protection perspective. Difficulties arise in the case of a possible control of performance and behavior, which is why the principles of purpose limitation and the need-to-know principle must necessarily be respected. But the service provider for the time recording system should also be chosen wisely. And the works council may also want to have a say in the matter. With all the to-dos, some employers are already raising their eyebrows! But don't panic, we break down the most important problem areas for you to consider.

Are working hours personal data?

When it comes to personal data, many people think mainly of very obvious data such as name or email address. By type. 4 No. 1 GDPR, "personal data" means any information relating to an identified or identifiable natural person. Thus, many more data fall under this category than expected! Due to the link between working time (information). For the employee (identified person), the working time is a personal data. This was already stated by the ECJ in a judgment of 2013:

"Records of working hours (…), which include information on the time at which an employee begins and ends his or her working day, as well as breaks or. 'data containing periods not included in working time fall within the notion of personal data (…)'".

Electronic time recording: What needs to be considered?

Goodbye to the good old time sheet. Instead, electronic time recording has arrived in the working world. The paper economy can therefore be said goodbye, but now the question arises: How should the whole thing be introduced and what has to be considered in terms of data protection? Different application forms of digital working time recording can be used here: Transponders, software-based solutions or even an app for time recording. Regardless of which choice is made here, the principles of data protection law should be observed and the protection of personal data ensured.

Correct legal basis for the recording of working hours

It already starts with the examination of the legal basis for the data processing in the context of the recording of working hours. In principle, the recording of working hours is necessary for the performance of the employment relationship within the scope of § 26 para. 1 BDSG. Consequently, it also applies that the employer will have a legitimate interest in properly remunerating the working time worked, so that Art. 6 Abs. 1 lit. f DSGVO is applicable. According to § 16 para. 2 ArbZG, the employer is even obliged to record overtime hours. Thus, the legal obligation also comes under Art. 6 para. 1 lit. c DSGVO in question.

The legal basis thus poses less of a problem. Difficulties arise, in particular, in guaranteeing the further principles according to Art. 5 GDPR, for example with the principle of purpose limitation. The data from the recording of working hours should not be used for extensive performance monitoring-. Behavioral control or be used to create movement profiles.

Time recording using fingerprints and other biometric data

The query of biometric data is a right trend. Unlocking apps using fingerprints or Face IDs has become commonplace and is rarely questioned. A closer look is worthwhile, because biometric time recording is not unproblematic, as a ruling by the LAG Berlin-Brandenburg showed. The fingerprint is clearly a biometric data according to Art. 4 no. SECTION 14 OF THE GERMAN DATA PROTECTION ACT (DSGVO). Thus, for the processing also the type. 9 GDPR to be applied for particularly sensitive data. The court ruled that the processing of fingerprints already lacks necessity, the justification of a tamper-proof time recording is not sufficient here. So, rather the fingers (imprints) away from the biometric time recording!

Permitted storage period of working hours

Furthermore, the principle of storage limitation must be observed. This means that the working time data may only be kept for as long as this is actually necessary. In this context, certain retention obligations must be observed. According to § 16 Abs. 2 ArbZG, the employer is obliged to keep the documentation of overtime for at least 2 years. In addition, retention obligations under tax law may be applicable within the framework of the German Fiscal Code, which is why tax-relevant data from the recording of working hours must be retained for 10 years. Other absences should be kept for up to 2 years.

Works council's right of co-determination in the case of electronic time recording

If a works council is deployed in the company, it may have extensive co-determination rights with regard to employee data protection. The introduction of electronic time recording can also be subject to co-determination. For example, in a ruling last year, the LAG Hamm established that the works council's duty of co-determination under Section 87 para. 1 no. 6 BetrVG far out and referred also the electronic time registration also with. Accordingly, it makes sense to involve the works council already in the planning phase, since, for example, software for recording working hours at least offers the possibility of performance and behavior control.

Problem areas in the recording of working hours

Once the digital time recording system has been selected and tested, it can be put to actual use. Here, for example, the need-to-know principle must be upheld or also the purpose limitation and data minimization. There are many stumbling blocks and the fact that the employer would be only too happy to know exactly where the employee is at any given second should remain only that: a dream.

Insight into working hours

And who is now allowed to view the working time data and to what extent? The inspection of working time should be limited to the extent necessary for those persons who are authorized to do so and insofar as this is also necessary for the performance of the employment relationship in accordance with Section 26 Para. 1 BDSG is justified. In an activity report, the State Commissioner for Data Protection commented as follows. Inspection of files Brandenburg, for example, for inspection of working hours by the works council. As is well known, this is not possible according to § 80 Abs. 1 no. 1 BetrVG obligates the works council to monitor whether the laws and other regulations applicable to employees are being observed, u.a. also the Working Hours Act. However, this cannot be guaranteed by granting the employee representatives comprehensive reading rights for electronic time recording. In the context of data economy, it is already sufficient to provide anonymized or pseudonymized data. If anomalies are detected, identification could still take place in a second step.

Posting of duty rosters or shift schedules and data protection

Despite the advance of digitalization, it still happens frequently: Duty rosters are printed out and displayed in the hallway in order to organize the shifts of colleagues. Sometimes there is no way around it. The internal display of duty rosters and shift schedules can be based on Section 26 of the German Federal Data Protection Act (BDSG), insofar as it is necessary for the implementation of the employment relationship. Often, it will only be possible to ensure that operations run properly if employees coordinate among themselves who works when and with whom, swap shifts, etc. Of course, the principle of data minimization also applies here: Only what is necessary should be stated in the plan. Ultimately, however, it remains a question of the individual case whether the interpretation is still lawful or not.

No permanent monitoring of employees, but random checks possible

According to the case law of the Federal Labor Court, permanent monitoring of employees is inadmissible (Federal Labor Court, decision of 26.8.2008, 1 ABR 16/07).

In the opinion of the data protection officer of Rhineland-Palatinate, knowledge of the time recording data by the supervisors is possible to the extent required. Here, too, the principle of data minimization should be observed. A monthly overview with actual/target hours and event-related information in the event of anomalies or random checks are justifiable. On the other hand, the inspection of individual postings via software, for example, would have to be explicitly stipulated in the service agreement.

The data protection commissioner of Lower Saxony takes a similar view in a 2017 report:

"Against random checks or occasion-related individual case checks of the time accounts by the personnel departments, working time officers or supervisors, z. B. in the event of conspicuous overruns or underruns of the specified time limits, there are no concerns from the perspective of data protection law."

The digitization of working time recording

In times of home offices and mobile working, digital time recording and the consequences for data protection will continue to be a topic of interest. On the part of employees, there is a fear of permanent monitoring, but with a thorough data protection review of the legal basis and possibilities for insight, and if necessary. employees should also have little to fear from the co-determination of the works council. On the contrary, digital working time recording can ensure exactly this, which is increasingly demanded: Flexibility. Balancing work and private life can be a challenge, we've found that more than ever before. Thus there should be no more problems at least with the documentation obligations for the time registration in the Homeoffice in view of the range at Softwares and Apps, which developed this market for itself.

Like this post? Please share to your friends:
Leave a Reply

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!: