Employee data protection: Is the employer’s access to the content of the worker’s computer permitted under data protection law?

von Nadja-Maria

On January 31, 2019, the BAG announced its judgment on access to the contents of the work computer by the employer. According to the decision of the BAG, the employer may inspect files that are not marked as “private” on the work computer that is also used privately. In addition, the employer can also base the termination of the employment relationship on this, insofar as is permissible under data protection law and proportionately.

1. General information on the inspection of work equipment by the employer

According to the established case law of the BAG, the employer may use knowledge or evidence from the exploitation of the file content of a work computer if he has obtained this in accordance with data protection regulations. The judges made a well-founded suspicion of a breach of duty sufficient for the termination.

2. Assessment of the admissibility under data protection law in accordance with Section 26 Paragraph 1 Sentence 1 BDSG

If the employee is only allowed to use the computer for business purposes, the requirements are based on § 26 BDSG (in the case of the same content § 32 BDSG old version). According to Section 26 Paragraph 1 Clause 1 BDSG, personal data of employees may be processed for the purpose of the employment relationship if this is necessary for the decision on the establishment of an employment relationship or after termination of the employment relationship for its implementation or termination. The term termination includes the processing, i.e. also the preparation for the termination of an employment relationship.

In addition, a proportionality test must be carried out, i.e. The data collection and processing must be suitable, necessary and appropriate, taking into account the rights of freedom, in order to achieve the intended purpose. As part of the appropriateness test, an overall balance must be made between the severity of the interference and the weight of the reasons justifying it. The severity of the intervention must not be disproportionate to the weight of the reasons justifying it. This must be assessed independently for each data collection.

3. Effects of the judgment

The employer’s access to the contents of the employee’s work computer is fundamentally problematic in terms of data protection law. First of all, an express legal basis under data protection law is always required. In addition, the employer must carry out a proportionality test before evaluating the work computer, which appropriately assesses the rights of his employee.

However, it should also be noted that it is up to the employee to clearly mark files on the work computer with the label “private” if he wants to protect himself from being checked. Of course, this protection is also limited, e.g. if a serious misconduct is suspected.

Do you have questions on topics relating to employee data protection and are you looking for competent advice? Call us on 08505 919 27-0 or fill out our contact form. We are happy to help!


Nadja-Maria leitet unser Inhouse-Juristen-Team. Sie studierte an der Universität Passau Rechtswissenschaften mit anschließendem Referendariat sowie erstem und zweitem Staatsexamen. Ihr Spezialgebiet ist Datenschutzrecht. Ihr fundiertes Wissen hält sie jederzeit aktuell. Für unsere Kunden und unser Team hat sie so immer einen Rat für eine passgenaue Lösung parat.