Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in Employment Privacy, International/EU Privacy

New Case Law on Restrictions for Employee Monitoring in the Workplace in Germany

According to the German Federal Labor Court, Germany’s highest court for employment disputes, German employers are not allowed to monitor employees in the workplace without a concrete suspicion of a criminal violation or, in some cases, a serious breach of duty (judgment dated July 27, 2017, case ref. 2 AZR 681/16). This means that employer monitoring of an employee’s computer usage without a concrete suspicion, including the use of keylogging software that records all keyboard entries made at a desktop computer does not comply with German data privacy laws. Courts may exclude evidence obtained under violation of German data privacy laws from their proceedings.

Facts of the Case

In the case, a web developer filed a dismissal law suit against a termination notice issued by its employer. The employer had installed a so-called keylogger on the employee’s business computer. The employer did this to prove its assumption that the employee had dedicated major parts of his working time to private activities. This keylogger software monitored and stored all keyboard entries for a significant period of time. In addition, the software periodically took and stored screenshots of the employee’s desktop.

The log-data revealed that the employee had spent a substantial amount of his working time programming and playing a spaceship PC game for private purposes. Furthermore, the data proved that the plaintiff had processed orders of his father’s logistic company on a large scale and that he had developed and used an IT-tool for processing such orders. A logged screenshot proved that the employee had approx. 6.000 e-mails on his account relating to his father’s business. In addition, the analysis of the log-data revealed that the plaintiff had regularly used his computer to search for planes and amusement parks on the Internet.

The employee denied most of these allegations. He claimed that he had worked no more than 10 minutes per day for his father’s company. Regarding the PC game, the employee argued that he had merely been playing the game for three hours during a period of four months. He stated that he used his business computer for these activities almost exclusively during his breaks.

Issues the Court Addressed

The Federal Labour Court focused on the following questions:

  1. Did the employer violate German data privacy law by using the keylogger to investigate the employee?
  2. If so, is the court allowed to admit this piece of evidence to assess the unfair dismissal claims?

Termination of Employment Invalid Due to Violation of Data Privacy Laws

According to the court, the private use of the business computer, conceded by the employee, did not justify a termination without a previous warning notice. And to be a valid termination, the employer would have had to prove its accusations against the employee. The only evidence the employer had was the log-data obtained from the keylogger. The Federal Judges held that the secret use of the keylogger software by the employer, without any concrete suspicion of a criminal offence or gross breach of duty, affected the plaintiff’s constitutional right to informational self-determination (i.e., privacy) in a disproportionate and unlawful manner.

Evidence Obtained under Violation of Data Protection Laws Is Generally Inadmissible in Court

As a general rule, any judicial use of evidence in German labor court proceedings obtained by an employer in a manner that is not compliant with German data privacy laws is considered an unjustified intrusion in the plaintiff’s right to privacy. Investigation measures by German employers are admissible only in cases of reasonable and concrete suspicions of criminal behavior or serious misbehavior to the detriment of the employer. Furthermore, it is required that employers first try steps short of secret monitoring, and then, if there are no positive results, consider additional, more intrusive measures as the only practical remedy. In addition, the process as a whole must be reasonable and appropriate.

In the underlying case, although the employer suspected the employee was engaged in inappropriate activity using his computer, the suspicion was not concrete (i.e., based on specific evidence). The judges therefore concluded the investigation was unjustified and the surveillance of the employee using a keylogger violated German data privacy law.

In addition, the use of a keylogger would have been inappropriate even in case of a concrete suspicion against the employee. According to the courts, the employer could have relied on equally suitable and more lenient ways to investigate the case. For instance, the employer could have checked the employee’s business computer in the presence of the employee. Such an unveiled investigation would have been just as suitable to investigate the case as a secret surveillance using a keylogger. Therefore, the court concluded the employer could and should have chosen this less intrusive investigation measure.

The Federal Judges also confirmed the general ruling that continuous technical monitoring in the working place is generally unlawful under German law. Continuous monitoring leads to pressure on the employee that is generally repugnant to the employees’ personality rights.

Following the Same Path All Along Europe

The German Federal Labor Court’s judgment can also be relevant for employee monitoring in other European jurisdictions. The principles pointed out by the German Federal Judges will also apply under the new EU General Data Protection Regulation taking effect on May 25, 2018.

With their assessment that the usage of keyloggers constitutes an unlawful interference in the employer’s fundamental rights, the German labor courts are following the same path as the European data protection authorities. In its opinion dated June 8, 2017 on data processing at work (2/2017), the Article 29 Working Party, the internal board of the European data protection authorities, claimed that the use of keyloggers, mouse-movement loggers, and automatic screen capture software is generally inappropriate.


The large number of technical surveillance tools available can be tempting for German employers who want to ensure their workforces are appropriately performing their duties. However, employers have to diligently consider which measures to use to investigate suspicions of criminal offences or breaches of duty in the workplace. If the chosen investigative measure is inappropriate under German law, not only may the obtained pieces of evidence be worthless for court proceedings, but the employer may face administrative fines and claims for damages by the affected employees.

A German language version of this article has been published by the online journal Legal Tribune Online.