Excessive monitoring and performance checks of employees due to the use of products from U.S. IT corporations are increasingly leading to unlawful restrictions on employee rights and violations of applicable data protection regulations in Germany as well.

While Microsoft responded early to concerns about questionable functions in Office 365, authorities objected to Amazon’s use of certain software. Microsoft had added an additional analysis function called “Workspace Analytics” to its “Microsoft 365” software package in an update. This made it possible to calculate a productivity score for individual employees. This value includes, for example, information on how many e-mails or messenger messages the individual employees send each day or how often they save files in the Microsoft Cloud or share these data with external persons. Also technical details, such as the use of slower conventional hard disks instead of the faster SSD. Data on the length of time webcams are activated during video conferences is also recorded here.
However, Microsoft backed down and improved the update accordingly after data protectors intervened. The Productivity Score will then only be available in summarized form at company level, so that it will no longer be possible to draw direct conclusions about individual employees.
Amazon’s reaction, however, is different. The data protection commissioner of Lower Saxony has expressly prohibited Amazon from using controversial monitoring and performance control software.
With the help of the software, every scanning process that employees perform when storing or removing products is automatically transferred to the foremen’s devices and displayed there. This enables them to monitor each individual work step in real time and, for example, to recognize directly if an employee briefly interrupts his usual work rhythm. This comprehensive data is also used to create detailed employee profiles. Amazon sees no problem at all in the use of the performance monitoring software and will not accept the authority’s decision.

In my opinion, this legal opinion does not correspond to the fundamental legal templates of the GDPR. A data protection impact assessment required when using this software according to Art. 35 GDPR would certainly confirm this. After all, the necessity and proportionality of the use of this software in relation to the purpose, the risks to the rights and freedoms of the data subjects must be assessed. This software is thus tantamount to total surveillance, which certainly contradicts the fundamental idea of Article 1 of the German constitutional Law, and thus an essential aspect of the core of the fundamental right to informational self-determination.

This post is also available in: German