The LAG of the federal state of Saxony-Anhalt has provided clarity when it comes to the scope of the works council’s right of inspection (court order of 18 Dec 2018 – ref. number 4 TaBV 19/17). The works council receives access to salary lists in which the employees are listed transparently and not anonymised. This is the only way for the works council to fulfil its monitoring obligations according to Sec. 80 Para. 2 Sentence 2 German Works Constitution Act (Betriebsverfassungsgesetz – BetrVG) and check whether the employer pays salaries in accordance with the collective agreement and in a gender-neutral manner.
The works council’s right of inspection according to Sec. 80 Para. 2 Sentence 2 BetrVG exists to the extent that is necessary to fulfil its obligations. The works council is not required to substantiate any particular demand for monitoring. Instead, the need for monitoring already arises from Sec. 80 Para. 1 No. 1 BetrVG, which requires the works council to monitor the compliance with laws, collective agreements and the general principle of equal treatment. According to the LAG, the works council is only able to control effectively which employees receive which remuneration components if the aforementioned data is revealed. It cannot be expected from the works council that it attempts, in “detective detail work”, to allocate the remuneration components to the individual employees in anonymised lists.
Employers should be prepared for the fact that their works council has the right to inspect non-anonymous salary lists. If possible, they should keep staff lists available in which all the information that the works council urgently needs for its monitoring duties can be found.
Works council as data protection controller
The LAG’s decision concludes with a little sensation. The court comments on the much discussed question of whether the works council is to be regarded as the “controller” within the meaning of Art. 4 No. 7 GDPR. The LAG regards the works council to have its own data protection responsibility, as it determines the purposes of the information it inspects. From a data protection point of view, this classification has numerous consequences. The classification as a controller, for example, brings about the consequence that the works council is obliged to provide the data subjects with information (Art. 13 et seq. GDPR), to maintain its own deletion concepts and processing directories (Art. 17, 30 GDPR) and to appoint a data protection officer if the size of the works council equals or exceeds 10 persons (Sec. 38 Para. 1 Sentence 1 Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG)). A further highly controversial issue for works councils is the question whether the works council’s position as controller can consequently also result in a liability towards employees or a regulatory responsibility towards the data protection authorities. The LAG did not comment on this, but this would be the logical legal consequence.
However, the last word on the classification of the works council as a controller has not yet been spoken. An appeal against the ruling has already been filed. It remains to be seen whether the German Federal Labour Court agrees with the assessment of the LAG.