Ex-employee (data subject) – Court Ruling (Germany, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A court ruled against an ex-employee who claimed their former employer failed to provide access to personal data. The court stated that the employee had waived their right to access data after settling their employment claims. This case is significant as it shows that individuals can lose their rights to access personal data if they agree to certain settlements.
What happened
The ex-employee requested access to their personal data but had settled their claims with the employer.
Who was affected
The former employee who sought access to their personal data after leaving the company.
What the authority found
The court held that the ex-employee waived their right to access under the settlement agreement.
Why this matters
This case serves as a warning that settling employment disputes can affect an individual's rights to access their personal data. It encourages employees to be cautious about what they agree to in settlements.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The data subject was an employee, the controller was the employer. On 14 January 2022, the data subject requested access to personal data from the controller under Article 15 GDPR. They did not respond. On 28 January 2022, the controller terminated the employment. On 17 February 2022, the data subject lodged a complaint with the Data Protection Authority (DPA) under Article 77 GDPR. The data subject alleged that the controller had failed to answer the access request, had taken unauthorised photographs, and had a copy of their vaccination certificate. On 24 February 2022, the employment relationship ended by a court settlement before the Labour Court. The settlement stated that all claims arising from the employment relationship and its termination, whether known or unknown and regardless of their legal basis, were settled, except for employment documents. By entering the settlement, the data subject agreed to not pursue further claims. After the settlement, the controller informed the DPA that it had not received an access request from the data subject, had not taken photographs, and had destroyed the vaccination certificate after the employee left. The data subject continued to raise issues with the DPA, including access to time-tracking data and alleged inaccuracies in the controller’s provided documents. The controller later provided partially redacted time-tracking data. On 26 July 2022, the DPA closed the administrative procedure, as it considered that the data subject no longer had a right of access under Article 15 GDPR because the settlement didn't allow for this claim. The data subject challenged the DPA’s decision before the Administrative Court. On 10 July 2024, the court dismissed the action. The data subject appealed. First, the court held that the right of access under Article 15 GDPR was, in principle, waivable. Although Article 8(2) of the Charter of Fundamental Rights protects the right of access, the court noted that data protection law is base
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (1)
Other cases involving Ex-employee (data subject) in DE
Details
Ruling Date
13 May 2025
Authority
DPA VGSaarland
About this data
Cite as: Cookie Fines. Ex-employee (data subject) - Germany (2025). Retrieved from cookiefines.eu
Last updated: