Corona app – warning app on employees’ company cell phones

23. November 2020 von Nadja-Maria Becke

On Tuesday morning yesterday, the federal government, the Robert Koch Institute and the companies involved officially presented the federal government’s corona warning app. At the same time, they called for widespread use of the app. With the help of the Corona app, chains of infection should be made easier to understand. The general GDPR conformity of the app has already been confirmed by the managing director of TÜV Informationstechnik.

After the official presentation, many employers now face the question of whether the installation of the Corona app is permissible on employees’ private and company cell phones.

Functions of the Corona app

According to the current concept, the Corona warning app is to measure the distance between people using Bluetooth Low Energy technology. It should therefore enable the smartphone to remember the contacts anonymously. To do this, the devices exchange temporarily encrypted identities with one another. If users of the app test positive for the coronavirus, they can have their contacts informed through the app on a voluntary basis. The encrypted IDs of the infected person are made available to all mobile phones of the app users. In the event of a match, the user receives a warning about the critical contact.

Permissibility of installation on employee cell phones

In general, the employer cannot ask for the Corona Warning app to be installed on the employee’s private mobile phone, as he lacks the power of disposal or the right to direct. Regardless of this, however, the employer may make non-binding recommendations.

A forced installation of the Corona warning app on employees’ company cell phones is also to be viewed as critical. The employment contract grants the employer the right to direct the structuring of the employment relationship. However, this right is not unlimited. In individual cases, the interests of the employees worthy of protection as well as their privacy protected by labor law and the exercise of rights, as well as the fulfillment of legal protective obligations under labor law on the part of the employer must be made. An app that is always active, for example, would be a significant invasion of the employee’s privacy, as it also collects and stores their contact history outside of their working hours. An app that is only active during business hours, on the other hand, would require less intervention. Here it must be weighed up for which professions this makes sense.

Liability of the employer in the event of a data breach

If the employer has obliged his employees to use the Corona warning app, they are liable for any data protection violations caused by the app from the employment contract and, if applicable, from Art. 82 GDPR for damages. If recommended by the employer, use is based on the voluntary nature of the individual employee. Therefore, the employer would not be liable in the event of a data breach.

Overall, it can be said that the Corona warning app complies with the principles of the General Data Protection Regulation, but mandatory installation on employee cell phones should be viewed critically.

Do you have further questions about the Corona app on employee cell phones or other data protection issues such as the admissibility of thermal imaging cameras and fever measurement portals? Then please get in touch with aigner business solutions GmbH. Just contact us.

Nadja-Maria Becke

Nadja-Maria Becke leitet unser Inhouse-Juristen-Team. Sie studierte an der Universität Passau Rechtswissenschaften mit anschließendem Referendariat sowie erstem und zweitem Staatsexamen. Ihr Spezialgebiet ist Datenschutzrecht. Ihr fundiertes Wissen hält sie jederzeit aktuell. Für unsere Kunden und unser Team hat sie so immer einen Rat für eine passgenaue Lösung parat.