D11.6: Survey on Mobile Identity

The legal framework for LBS in Europe LEGAL FRAMEWORK FOR PROCESSING LOCATION DATA BY PRIVATE PARTIES

Legal framework for processing location data by private parties

The Telecommuncations Act and the Telemedia Act apply only to generating and use of location data by telecommunications service provider and telemedia service provider. If a private party wants to generate or use location data of a third party, a statutory basis is required. As no specific law applies the regulations of the Federal Data Protection Act must be complied with. In particular, the requirements laid down in Art. 28 BDSG must be met. In addition, other legal bases or jurisdiction may have to be taken into account.

1. 1. 1. Electronic monitoring of employees

A growing use of LBS can be observed in workplace environments. If employees and working appliances are not necessary bound to one fixed workplace, coordination of employees’ changing job sites becomes more important. Fleet management aims at effective coordination of employees and by means of saving of time and expenses increase efficiency. Localisation of employees can also bring about advantages for the employee who will not have to engage in planning, coordination and controlling as these tasks can be taken over by a centralized organisation department.  

At the same time generating and use of employees’ location data allows monitoring of performance, behaviour, and contextual information (where does the employee spend his lunch break; does he visit a specific doctor etc.) and linking this information enables behavioural profiling. The employee can be subjected to permanent surveillance. 

In this context the employer’s right to lead his business and the employee’s right to informational self-determination are affected. As a general rule, the employer has the duty of care for his employees. 

Applying the description of legal requirements for the provision of Location Based Services (see 2.3) to fleet management leads to the following first findings: in the context of fleet management a four-sided relation exists. The employer who contracts to the provision of LBS is subscriber to the telecommunications service and the driver of the positioned vehicles is the user of the telecommunications service. The role of the telecommunications service provider and the content provider remain unchanged. As the provision of a LBS requires data which is not anonymized, consent of the subscriber (the employer) is necessary. Consent of the user (the employee) is not required but the subscriber is obliged to inform the co-user of all such given consent.  

When contracting to fleet management the employer is not entirely free to decide about generation and use of location data relating to his employees. He is bound by obligations deriving from the labour contract. In Germany the introduction of a specific employee data protection law has long since been demanded. Until today no specific regulation exists and so jurisdiction has established binding principles instead. 

The introduction of location based fleet management must comply with the requirements laid down in Art. 28 BDSG. If the content provider and the employer enter a contract and lay down a specific purpose which requires generating and use of employee’s personal data (including location data), the use of employees’ location data is admissible.

Furthermore, Art. 87 paragraph 1 lit.6 Betriebsverfassungsgesetz (BetrVG) must be complied with. This provision requires involvement of the company’s works council (Betriebsrat) if the ‘introduction and use of technical equipment aiming at monitoring employees’ behaviour and performance is planned’. Employer and works council shall close a company agreement (Betriebsvereinbarung) protecting the employees’ personal rights, Art. 75 paragraph 2 BetrVG. This company agreement shall follow the trade-off laid down in Art. 28 BDSG. The introduction of LBS is therefore only admissible if necessary and reasonable to safeguard a legitimate purpose.