Privacy and Employee Surveys in Germany, June 2020 - PowerPoint PPT Presentation


  1. Privacy and Employee Surveys in Germany June 2020

  2. Speakers
  Dr. Annette Demmel, Partner, Berlin, T +49 30 72616 8226, E annette.demmel@squirepb.com
  Tarek Hajj-Khalil, Associate, Berlin, T +49 30 72616 8110, E tarek.hajj-khalil@squirepb.com
  squirepattonboggs.com 2

  3. Agenda
   General considerations
   Employee surveys and personal data
   Consent as the main legal basis
   Ideas for the architecture
   Involving the works council?
   Conducting a data protection impact assessment?
   Employee surveys and Covid-19

  4. The context
   Employee surveys are becoming more and more important.
   In times of Covid-19, for example, companies often would like to know how their employees are doing while working from home.
   However, are employee surveys allowed at all? And if so, what should be kept in mind?

  5. Possible procedure
  1. The employer transmits email addresses of potential participants of the survey to the service provider.
  2. The service provider creates the survey and sends an invitation email to the potential participants.
  3. In the invitation email, the potential participants get further information (e.g. via link to the privacy policy) and are told that they have to click on the link to participate.
  4. The participants are then redirected to the survey page of the service provider.
  5. The service provider does not collect the IP address of the participants, but may collect a few other data, such as the time of participation, the browser used, etc.
  6. The service provider evaluates the results and sends aggregated results to the employer.

  6. Involved parties (diagram)
   Employer (controller) surveys the Employees
   Service Provider (processor or joint controller)
   Data Protection Officer advises the Employer
   Works Council
   Supervisory Authorities

  7. Data categories in employee surveys
  (Directly) personal data
  • Employee email address
  • Employee IP address
  • Assignment to an organisational unit of the employer
  • Job profile of the employee
  (Indirectly) personal data
  • Survey data (aggregated data, raw data)
  • Whether survey data is personal data depends on whether it is anonymized
  • If the survey data is only pseudonymized, it will most likely even constitute sensitive personal data

  8. Survey data - all anonymous, or not?
  Problem 1: IP Addresses
  • The service provider may not collect the IP addresses of the employees
  • However, it may use cookies to allow the survey to be resumed after interruptions
  • Still, this should rather be avoided, where possible
  Problem 2: Email Addresses
  • The service provider may not collect the email addresses of the employees
  • Strictly speaking, however, the service provider obtains it, at least for a logical second when the employee starts the survey
  Problem 3: Group Specific Surveys
  • This may give great results, but German supervisory authorities do not consider survey data anonymous if they belong to a group of less than 10 persons
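Problem 3 is a data-minimisation rule that the service provider's evaluation step (slide 5: "sends aggregated results to the employer") has to enforce mechanically. The following Python is an added illustration, not code from the presentation or from the speakers' firm: it aggregates per-unit scores, pools units below the 10-person threshold named on the slide into an "other" bucket, and suppresses that bucket entirely if it still falls short, so that no published cell describes fewer than 10 people. The organisational units, scores, and the pooling policy are constructed assumptions for the example.

```python
"""Added example: aggregate survey responses so that no reported group
falls below a minimum size. The 10-person threshold is the figure the
slides attribute to German supervisory authorities; the response records,
unit names and the merge-into-'other' policy are constructed for
illustration and are not part of the original presentation."""
from collections import defaultdict

MIN_GROUP_SIZE = 10  # threshold stated on the slide

# Constructed sample: (organisational unit, satisfaction score 1-5).
# Only the unit and the answer are kept; no email, IP or timestamp.
SAMPLE_RESPONSES = (
    [("sales", s) for s in (4, 5, 3, 4, 4, 5, 2, 4, 3, 4, 5, 4)]     # 12 responses
    + [("engineering", s) for s in (3, 4, 4, 5, 3, 4, 4, 5, 3, 4)]  # 10 responses
    + [("legal", s) for s in (2, 3, 1)]                              # 3 responses
    + [("hr", s) for s in (5, 4, 4, 5)]                              # 4 responses
)


def group_responses(responses):
    """Collect the scores of each unit; nothing identifying is retained."""
    groups = defaultdict(list)
    for unit, score in responses:
        groups[unit].append(score)
    return groups


def _cell(scores):
    return {"n": len(scores), "mean": round(sum(scores) / len(scores), 2)}


def aggregate(responses, min_size=MIN_GROUP_SIZE, pool_name="other"):
    """Return {unit: {"n": ..., "mean": ...}} for units at or above min_size.

    Units below the threshold are never published on their own: their scores
    are pooled under `pool_name`. If the pool itself is still below the
    threshold, it is suppressed (reported as None) rather than published.
    """
    groups = group_responses(responses)
    report = {}
    pooled = []
    for unit, scores in groups.items():
        if len(scores) >= min_size:
            report[unit] = _cell(scores)
        else:
            pooled.extend(scores)
    if pooled:
        report[pool_name] = _cell(pooled) if len(pooled) >= min_size else None
    return report


def check_min_group_size(report, min_size=MIN_GROUP_SIZE):
    """Independent check before hand-over: every published cell is large enough."""
    return all(cell is None or cell["n"] >= min_size for cell in report.values())


if __name__ == "__main__":
    result = aggregate(SAMPLE_RESPONSES)
    for unit, cell in result.items():
        print(unit, "suppressed" if cell is None else cell)
    print("threshold respected:", check_min_group_size(result))
```

Pooling keeps the small units' answers in the overall picture without exposing a three-person legal team; the separate `check_min_group_size` step is worth keeping as the last gate before results leave the processor, since the pooling logic and the check are then two independent places where a threshold mistake would have to slip through.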

  9. May the employer oblige the employees to participate in the survey?
   Most likely not.
   Particularly difficult in regard to anonymous surveys.
   Except if the survey is closely tied to carrying out their specific job.

  10. Possible legal bases for employee surveys
  + consent
  +/- overriding legitimate interest
  - fulfilment of the work contract

  11. The declaration of consent must be…
  prior, specific, explicit, informed, in writing or electronic, freely given, withdrawable

  12. Informed Consent - Information towards employee
  What to inform about?
  • controller, processor, recipients, data categories, purposes of processing, data sources, data transfers, storage periods, rights of data subjects, possibility of withdrawal
  • in the case of sensitive data: explicit mentioning of sensitive data!
  How to inform?
  • “in a concise, transparent, clearly distinguishable manner and easily accessible form, using clear and plain language”
  • visualization is allowed!
  • In Germany, employers are, in principle, required to obtain employee consent in written or electronic form
  How to inform about the right to withdraw?
  • The employer must inform about the employee's right to withdraw his/her consent at any time prior to the consent
  • The withdrawal must be as easy as the giving of the consent itself
  • Right to withdraw may be problematic when survey data are anonymous!

  13. Informed Consent - consent in written or electronic form
  If consent shall be given in written form
  • It should not be given together with other declarations
  If consent shall be given in electronic form
  • It must be given consciously and unambiguously: pre-ticked boxes, silence, or inactivity are void!
  • It must be documented
  • The employee must be able to access its content at any time
  • It must be withdrawable at any time with future effect
  • The form may not be unnecessarily disruptive to the participation in the survey

  14. Informed Consent - further considerations
  Information on purpose of survey
  • be as specific as possible
  • be in line with your general attitude and practice
  • mention, where possible, any measures planned on the basis of the results
  • mention, where applicable, why and how anonymous results will be published or transferred
  Information on the architecture
  • mention where the data will be stored
  • name and describe the software used for the survey
  • explain the storage period as concretely as possible

  15. Freely given consent
  Art. 7 par. 4 GDPR
  • Consent may not be freely given if the participation in the survey “is dependent on the consent to the processing of personal data that is not necessary for the performance” of the survey.
  Rec. 43 GDPR
  • “Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case […]”
  Sect. 26 par. 2 Federal Data Protection Act
  • “[…] the employee’s level of dependence in the employment relationship and the circumstances under which consent was given shall be taken into account in assessing whether such consent was freely given. Consent may be freely given in particular if it is associated with a legal or economic advantage for the employee, or if the employer and employee are pursuing the same interests.”

  16. Hint!
  Document the conducted employee surveys, and inform about the employee surveys not only in the declaration of consent, but also in your…
  • Records on Processing Activities
  • Technical and Organisational Measures
  • Data Protection Impact Assessments
  • Privacy Policy
  • Accountability Report
  • Data Breach Response Plan
  • Legitimate Interest Assessments

  17. Ideas for the architecture (diagram)
  Software: Certified? Open source? Barrier-free?
  Processor: Servers in the EU? In how far are audits possible?
  Cookies: Avoidable, e.g. by not allowing the survey to be resumed after an interruption?
  Software Admins: Special authorization for persons evaluating and administrating the survey and its results?

  18. Does the works council need to be involved?
   Depends on the specific concept of the employee survey, for example its technical design.
   May be required according to Sec. 87 of the German Works Council Constitution Act: (1) The works council shall have a right of co-determination in the following matters in so far as they are not prescribed by legislation or collective agreement: 1. matters relating to the rules of operation of the establishment and the conduct of employees in the establishment […] 6. the introduction and use of technical devices designed to monitor the behavior or performance of the employees […]

  19. Does a Data Protection Impact Assessment (DPIA) need to be conducted?
   DPIAs shall be conducted where the type of processing is likely to result in a high risk to the rights and freedoms of natural persons. (Art. 35 par. 1 GDPR)
   Nine criteria, two of which are generally sufficient for the necessity of a DPIA (according to the Article 29 Working Party):
    Evaluation or scoring
    Automated decision-making with legal or similar significant effect
    Systematic monitoring
    Sensitive data
    Data processed on a large scale
    Matching or combining datasets
    Data concerning vulnerable data subjects
    Innovative use or applying new technological or organisational solutions
    The processing itself “prevents data subjects from exercising a right or using a service or a contract”
   Also consider positive or negative lists by supervisory authorities.
   Eventually conduct a “DPIA light”, irrespective of a legal obligation!
   Minimum content of a DPIA is stipulated in Art. 35 par. 7 GDPR
