German companies sometimes are required to collect data for legitimate business purposes, including for compliance, to investigate malfeasance, for adjudication of claims and to protect personal data of customers from misuse. Companies that seek to employ EnCase® Enterprise or EnCase® eDiscovery to search and collect German employees’ e-mails and electronic documents face a critical requirement: obtaining permission from their companies’ works councils in Germany. German works councils have a well-earned reputation as rigorous guardians of employee privacy rights, sometimes rejecting corporate efforts to search through employee data, invoking the rights and protections afforded German employees pursuant to the 1995 European Union Data Protection Directive as well as German federal and state data protection laws implementing the Directive.
It is not uncommon, however, for German works councils to approve data collection approaches that include reasonable safeguards of employee privacy. In fact, the European data protection laws recognize that there should be a balance between the employees’ fundamental human right to privacy versus the organization’s legitimate business interests and legal obligations. This author has been involved in a number of successful requests to German works councils. The key to that success is to make a well-researched and sensitive presentation to the works council, and to offer a collection methodology that includes protections for employees’ rights.
This white paper will address the following:
- What is a German works council and how does it function?
- What is the German data protection regime upon which a works council can base its objections?
- What steps can a company take to maximize the ability for EnCase® data collections to be approved by a German works council?