University of Bremen: Employee data protection as a competitive advantage

Many companies today are under enormous cost pressure. They can no longer allow themselves “idle times” of employees. To avoid this, companies often collect data from their employees in real time – mostly through targeted monitoring measures, for example location queries. This also gives companies access to the highly sensitive data of their employees. This can result in serious encroachments on the privacy of those affected.

The inadequate protection of employee data by companies has repeatedly made headlines in various industries in the past. “Most recently, the food delivery services have come into the public eye,” says Janine Schleper from the University of Bremen, who works in the joint project “Success through employee data protection” (EduMiDa). “A violation of employee data protection is no longer a minor matter today. Rather, under the General Data Protection Regulation, companies are threatened with massive fines for violations, which in particularly serious cases can reach millions. “

However, many companies see the protection of employee data not as a challenge, but as a burden. “But it doesn’t have to be like that,” says Janine Schleper with certainty, “on the contrary, operational optimization and data protection can be combined and used together as an advantage!”

EduMiDa: Data protection is not the problem, but the solution
This is exactly what the EduMiDa project is about, to which Schleper and her colleague Matthias Kohn – both employees of the Institute for Information, Health and Medical Law (IGMR) at the University of Bremen – contribute their legal expertise. “With EduMiDa we have set ourselves the goal of not only resolving the conflict between data protection and operational optimization, but also of turning it into a competitive advantage,” says Kohn. For this purpose, automated data protection metrics are being developed that combine employee data protection and data-based operational optimization in the best possible way and thus meet the requirements of both companies and employees. “In the end, both sides win through practical applicability and transparency,” Kohn is certain. Effective data protection will be reconciled with economic capacity to act.

The IGMR brings the different legal bases that currently exist for personal data into the automated data protection metrics. “In software, in which, for example, employee data is entered or location inquiries are made, it is then implemented that this data is not allowed to leave the EU area,” Janine Schleper gives an example. “There are currently different laws and rules for different data protection scenarios. With EduMiDa, a tool is to be created that at the end of the day reliably shows the companies using it whether data protection is being complied with – or where improvements need to be made. ”

The project participants at the University of Bremen are working on various case constellations for which they clarify the principles of data protection law. “In the end, the project result should benefit everyone involved – the employers who want to optimize their work, as well as the employees. And of course, the works council and data protection officer should also be able to quickly see that everything is in order when it comes to data protection, ”says Matthias Kohn.

Interdisciplinary research team
The Institute for Information, Health and Medical Law at the University of Bremen, with its expertise in the field of employee data protection law, is the legal partner in this research project. The other project participants are the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt as coordinator, the Westphalian Wilhelms University in Münster and pli solutions GmbH from Gütersloh. The project, which will run until March 2024, is funded by the Federal Ministry of Education and Research (BMBF) with around 1.5 million euros.