Home Data Protection The European Court of Justice Clarifies Stricter Requirements for Dismissing Data Protection Officers in Germany

The European Court of Justice Clarifies Stricter Requirements for Dismissing Data Protection Officers in Germany

by delta
0 comment

The European Court of Justice (ECJ) has clarified on February 9, 2023, in two separate rulings on the requirements for dismissing a data protection officer (DPO) in Germany. The German Federal Labour Court submitted questions to the ECJ regarding the validity of stricter dismissal requirements under the Federal Data Protection Act (BDSG) compared to the GDPR. The Federal Labour Court had to decide on two cases of dismissal of a data protection officer, one due to a potential conflict of interest with the employee’s regular work and the other due to their position as chairperson of the works council.

Dismissal requirements under BDSG can be stricter than GDPR

Two cases came before the court, with both cases concerning the dismissal of data protection officers. In one case (C-453/21), a semiconductor manufacturer employed a data protection officer who also served as the chairman of the works council. The employer viewed these two roles as incompatible, citing a conflict of interest as justification for the dismissal.

In the second case (C-560/21), a public employer claimed that the duties of the data protection officer conflicted with the officer’s other professional obligations. The employer justified their decision to dismiss the officer by referring to the implementation of Saxony’s data protection authority. However, the data protection officer argued that there was no valid reason for the dismissal.

The Federal Labour Court wanted to know whether the stricter dismissal requirements under BDSG were valid compared to the GDPR, which only prohibits dismissal of a data protection officer based on the fulfillment of their tasks. The ECJ confirmed that national provisions can set stricter requirements for the dismissal of a data protection officer, which then apply to cases in the relevant jurisdiction.

Interpretation of conflict of interest under GDPR

Regarding the potential conflict of interest between the positions of a data protection officer and a chairperson of the works council, the ECJ clarified the interpretation of the relevant article in the GDPR. The ECJ explained that a conflict of interest can exist if other tasks or duties cause the data protection officer to determine the purpose and resources of the processing of personal data. However, the ECJ did not determine whether the work as a chairperson of the works council meets this threshold.

Case-by-case determination of effective dismissal under national law

The ECJ referred back to national courts to determine whether there is a conflict of interest and whether national requirements for dismissal are met. This means that the decision on whether a dismissal is effective remains a case-by-case one under national law. The decisions of the Federal Labour Court in the two pending cases must be awaited.

Data protection officer can be external

It is also permissible to work with an external data protection officer, in which case the special termination protection does not become relevant. This means that the data protection officer must not necessarily be an internal employee of the company.

Practical implications

The ECJ decision strengthens the position of the data protection officer by allowing for stricter national provisions for their dismissal. However, the decision does not provide much guidance for employers, as the determination of effective dismissal remains a case-by-case one under national law. Employers should be cautious when considering the dismissal of a data protection officer and seek legal advice if needed.

In light of the recent decision by the ECJ on the dismissal of data protection officers in Germany, employers should consider the option of appointing an external data protection officer. Doing so would not only ensure compliance with relevant regulations but also eliminate the need for special termination protection. For assistance with appointing an external DPO, employers can contact DELTA Data Protection & Compliance.

For more information on external Data Protection Officers, please contact DELTA Data Protection & Compliance.


DELTA Data Protection & Compliance, Inc. Academy & Consulting – The DELTA NEWS – Visit: delta-compliance.com

You may also like

Leave a Comment

delta-compliance.com

Delta-Compliance.com is a premier news website that provides in-depth coverage of the latest developments in finance, startups, compliance, business, science, and job markets.

Editors' Picks

Latest Posts

This Website is operated by the Company DELTA Data Protection & Compliance, Inc., located in Lewes, DE 19958, Delaware, USA.
All feedback, comments, notices of copyright infringement claims or requests for technical support, and other communications relating to this website should be directed to: info@delta-compliance.com. The imprint also applies to the social media profiles of DELTA Data Protection & Compliance.

Copyright ©️ 2023  Delta Compliance. All Rights Reserved

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
-
00:00
00:00
Update Required Flash plugin
-
00:00
00:00