Employee – Court Ruling (Germany, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A medical service in Germany faced a court ruling after a worker claimed their privacy rights were violated. The court found that the company had proper measures in place to protect the worker's personal data during a disability assessment. This case highlights the importance of having strong data protection practices in the workplace.
What happened
A worker claimed their privacy rights were violated during a disability assessment conducted by their employer.
Who was affected
The worker who was undergoing a disability assessment and their employer, a medical service provider.
What the authority found
The court ruled that the employer had implemented adequate measures to protect the worker's personal data.
Why this matters
This ruling emphasizes that companies must ensure strong data protection protocols, especially when handling sensitive employee information. It serves as a reminder for businesses to review their privacy practices.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
On 01 September 1999, the data subject started working for the controller, a medical service responsible for providing health assessments for health insurers. Starting on 22 November 2017, the data subject became unable to work due to illness. Their health insurer ordered an assessment of the data subject's disability on 06 June 2018 due to doubts about their inability to work. This assessment was to be done by the controller, who also happened to be the employer of the data subject. The controller had specific rules in form of a "special case" unit of 36 people in place for this occurrence to prevent preferential treatment or discrimination for its employees. A developed role concept within this unit ensured that the relevant expert assessments were not processed by employees who worked with the person concerned in a department, which was also technically secured with separate storing of key and file. Merging was only possible using a key stored in an encryption library. An employee the data subject was familiar with produced the required assessment report for the controller and the health insurer in cooperation with the data subject's doctor via a phone call. On 01 August 2018, the data subject requested a coworker to check whether an assessment report about them was available in the database and to send a picture of it. The coworker complied. On 15 August 2018, the data subject requested compensation of €20,000 from the controller outside of court, but they denied the claim. The data subject also sought material damages in the second instance by way of a payment and declaratory action, each based on Article 82(1) of the GDPR and § 823(1) of the German Civil Code (BGB) in conjunction with Article 2(1) and Article 1(1) of the Constitutional Law (GG). The controller then expressed an immediate termination on 05 December 2019 and 12 December 2019 respectively. The data subject alleged the controller violated their right to privacy based on Article 82(1) GDPR, saying
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (1)
Other cases involving Employee in DE
Details
About this data
Cite as: Cookie Fines. Employee - Germany (2024). Retrieved from cookiefines.eu
Last updated: