Court case 18 Ca 6830/21 – Court Ruling (Germany, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German court dealt with a case where a company required employees to prove their COVID-19 vaccination status. When an employee couldn't provide sufficient proof, the company terminated her employment. This case underscores the need for businesses to handle health data carefully and ensure their policies comply with privacy laws.
What happened
A company required employees to show proof of COVID-19 vaccination, leading to the termination of an employee who couldn't provide adequate proof.
Who was affected
Employees of a company providing workplace health promotion services, particularly those needing to prove their vaccination status.
What the authority found
The court examined whether the company's actions in verifying vaccination status and terminating employment were justified under privacy laws.
Why this matters
This ruling highlights the delicate balance between workplace safety and privacy rights. Companies should ensure their health data policies are transparent and legally sound to avoid disputes.
GDPR Articles Cited
National Law Articles
The controller is a company providing workplace health promotion services by consulting other companies on this topic and developing tailored measures for them. Its main customer base are care facilities. The controller informed its employees that due to an amendment of the German Infection Protection Act, access to care facilities was only permitted to persons that are either vaccinated, recovered or tested negative against Covid-19. The controller asked their employees to prove their vaccination status by either handing over a screenshot of the digital vaccination certificate or by presenting the vaccination card. It also informed them that a copy will be made for documentation purposes. On 03 December 2021, the data subject, who was employed as a counselor, presented her vaccination card to the controller. When asked by the HR officer whether she also has a QR vaccination code, she explained that she only has a digital vaccination certificate stored on her private mobile phone, which she did not have with her at the moment. As it was not possible for the controller to check the validity of the vaccination certificate without the QR code, the controller carried out a batch query, which means that it compared the provided vaccination data with publicly available information on the availability of vaccination batches in order to determine irregularities. It found that the vaccination data provided by the data subject was inconclusive as the first vaccination allegedly took place at a time when only elderly people were vaccinated. During a conversation with the data subject, the suspicion of forgery could not be dispelled, as she then asserted to never have stored the QR code on her phone because of data protection reasons and that she did not know whether she still had the QR code in paper form. As the data subject was unable to provide proof that the vaccination had actually been carried out, the controller terminated the employment relationship. The data subject
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case 18 Ca 6830/21 in DE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case 18 Ca 6830/21 - Germany (2022). Retrieved from cookiefines.eu
Last updated: