Disclosing sensitive data concerning colleagues justifies immediate dismissal.

 Baden-Württemberg State Labor Court confirms immediate dismissal of a works council member for violating data protection regulations.

Tobias Vößing

Veröffentlichung sensibler Daten über Kollegen rechtfertigt fristlose Kündigung.

Both supervisory authorities and labor courts place great importance on data protection. The employer is entitled to immediately dismiss a works council member if they disclose sensitive health data concerning colleagues. The Baden-Württemberg State Labor Court reached this decision in its ruling dated March 25, 2022 (Ref: 7 Sa 63/21).

In this specific case, a long-standing employee and works council member had distributed a Dropbox link. This Dropbox folder contained case texts including colleagues’ health information. In response, the employer immediately dismissed the works council member. The Labor Court ruled that the employer was justified in doing so. The dismissed works council member appealed the decision before the Baden-Württemberg State Labor Court, but the appeal was unsuccessful.

Disclosure of case files from unfair dismissal proceedings

The background was a long-running dispute concerning the dismissal of a development engineer who had worked for the company since 1997. He had been a works council member since 2006, and was released from his duties from 2014 onward as part of this role. In 2018, he was dismissed without notice and his unfair dismissal court case was successful. The complainant then published case texts from these labor court proceedings via Dropbox.

A large group had access via Dropbox

As a consequence, the employer once again dismissed the works counselor without notice. The employer justified this action on the grounds that the complainant had violated data protection regulations by disclosing case files from the previous unfair dismissal proceedings. In particular, this pertained to case texts submitted by the employer, which also contained other employees’ health information, as well as their full names. By providing access to the Dropbox folder, the complainant disclosed this information to a large group.

Lack of confidentiality regulations is no excuse

In response, the dismissed works council member countered with the argument that there were no confidentiality regulations concerning the process files. Therefore, the dismissal was invalid. Furthermore, he also argued that he had not violated the data protection regulations as he had acted solely within the scope of “purely personal or household activity” pursuant to Article 2 (2) letter c of the GDPR. The accusations had placed a great strain on him as both a family man and as a works council member. Accordingly, he had acted in his own legitimate interest as he was entitled to state his position regarding the case and to provide information.

Appeal remained unsuccessful

The Baden-Württemberg State Labor Court followed the Labor Court’s previous decision and ruled in favor of the defendant employer. The complainant had publicly disclosed employee health information via the Dropbox link to the texts and had, therefore, also enabled further processing. As a consequence, he had violated the personal rights of the aforementioned persons without justifiable reason.

Present position during appeal

The judges stated that this did not represent the exercise of legitimate interests. Ultimately, the complainant had had the opportunity to submit an appeal in order to present his position during these proceedings.

Data protection violations may justify immediate dismissal. This also applies to members of the works council. This is yet another ruling that illustrates the high degree of care that both employers and employee representatives must take when dealing with personal data. The requirements are extremely demanding with regard to sensitive employee health data. Nevertheless, anonymization and pseudonymization generally provide practical solutions.