Co-determination in the works council for IT and software projects.

Data Protection and the Works Council

What is a Works Council?

A works council, or Betriebsrat / pl. Betriebsräte in German, is an organisation within for-profit businesses that represents their workers. Works councils are not to be confused with trade unions (Gewerkschaft / pl. Gewerkschaften), which generally operate industry-wide and represent workers from several companies. Unions are in charge of negotiating wage rises and organising strikes when necessary, among other things. Works councils, on the other hand, are specific to one company, and their members are simultaneously employees of that company. The purpose of the Betriebsrat is to establish a sort of checks and balances system within the company, holding the executives accountable and keeping the workers protected. Companies have certain reporting responsibilities towards the council, e.g. regarding hiring or restructuring departments, which the council can veto – this is referred to as the co-determination process. The council is democratically elected by employees, with a re-election taking place every four years. While there are other European equivalents, the German form of Betriebsrat is the most developed and common.

The Works Council and IT

The works council is a body for co-determination and representation of employee interests within companies and groups. It represents the rights of employees and negotiates company agreements with management.

The works council has the task of controlling software

Since the protection of employees' personal data is one of the tasks of the works council, software that processes such sensitive data must always be checked and approved by the council. The reason is that such a program could theoretically be used for behavioral and performance controls, since work performance, working hours or personal information are recorded. Programs that fall under the purview of the works council include collaboration tools, such as Microsoft Teams and Zoom, or production control programs.

Management should always have an interest in maintaining a good relationship with the works council. Especially when new software is about to be introduced, it is important to get the works councils on board early on. Microsoft, for example, recommends to its customers that the works council be informed about developments at regular meetings during the product selection phase. Peter Fink, deputy chairman of the works council at Hessing Klinik in Augsburg, confirms that this approach works well:

During the sales process, the suppliers of the software point out that the works council must have a say and invite us to their presentations.

At Microsoft, we know that the co-determination of the works council in IT projects is often a point of conflict. Therefore, the recommendation is to also look into the past when working together, to find out how the introduction of new software has gone so far from the works council's point of view. In this way, you can identify pain points and shape the collaboration in a positive way right from the start.

Keep in mind that the works council is not an annoying obstacle, but rather an important organization that was created to protect employees. And this protection now also extends into the area of personal data.

Further Information

Learn more about the specific data protection topics that need to be considered in works councils' work in the following sections.

The Works Council's Co-determination Process

Peter Fink, Deputy Chairman of the Works Council of Hessing Klinik in Augsburg, Bavaria.

We talked to Peter Fink, the deputy chairman of the works council at Hessing Klinik in Augsburg, about works council co-determination in IT and software projects. In the interview, he talks about how the council works with the departments to protect employees from behavioral and personal controls. This always depends on the specifics and requirements of each affected department, since on-site IT is always a little different. Fink talks about how the works council has helped to create a positive view of data protection in the company through communications about company agreements. The conversation offers an interesting insight into works council work and opens eyes to the give and take in negotiations between management and the works council. For those previously unaware of why the works council has a duty of co-determination and what role works agreements play in the software sector, this interview is worth a read.

The Role of Microsoft 365 for the Works Council

Word, Excel and PowerPoint have become indispensable in most offices. These programs are part of Microsoft 365. The software package falls under the co-determination obligation of the works council. This is due to the fact that it’s a productivity tool, and the analyses it generates can theoretically be used to surveil employees. Possible scenarios could include identifying employees whose productivity falls below the expected level or controlling working hours. But that’s not all: the contents of files can also be analyzed automatically.

To ensure that data protection and personal rights are respected despite the use of Microsoft 365, the works council and the employer can conclude a company agreement. This should take into account the special features of the Microsoft packages and, in particular, regulate the handling of automatic updates. This is because technical details within individual Microsoft 365 programs can change as a result of an update, making renewed co-determination by the works council necessary. Specialist law firms and specialized training providers support the works council in finding the best possible solution for dealing with Microsoft 365.

The Works Council and Data Protection

The topic of data protection affects the works council in three ways.

  • First, in order to fulfill its duties, the works council must work with personal data of the employees it represents in the event of a conflict. This involves, for example, health information, letters of dismissal or the contents of personnel files.
  • Second, the works council must protect its own data and internal communications from access by the employer. This means that the contents of the files should not be visible to anyone except the members of the works council. For this purpose, encryption of the storage locations is recommended.
  • Third, safeguarding the personal rights of employees is one of the tasks that the works council must take care of. New software, surveillance cameras and other control systems must therefore always be checked to ensure that employees' data is adequately protected.

Once the review is complete, the framework conditions for the use of the new system, as well as future control intervals, are recorded in writing and made available to employees. In doing this, you can make sure that everyone in the company is aware of their rights and obligations regarding data protection.

Microsoft 365 - Automated Monitoring of Updates

The regulations for dealing with Microsoft 365 in the company, which were made as part of a works agreement, can be undermined by an update of the software. This is due to the fact that Microsoft frequently rolls out small updates according to their so-called evergreen approach, instead of rolling out several changes simultaneously in large campaigns, since those would attract unwanted media attention.

This has implications for works councils, who need to permanently keep an eye on the potential impact of updates on data protection. This is a major challenge, as the changes often affect small details that laypersons can hardly notice or assess.

Here's where automated software provides relief: The one we'd like to present is the Microsoft 365 Checker from Konverion. The German-based company specializes in informing works councils about all changes in Microsoft 365 and offers various tools allowing councils to automate monitoring and receive notifications of changes relevant for data protection.
