Minimum wage and data protection
Since the beginning of January 2015 the new Minimum Wage Law applies. But why does a consultancy for data protection and security inform about this law?
Is there a connection between the Minimum Wage Law and data protection? The answer: Yes. At the first glance it is unexpected, but when examining the law it is obvious. This review will provide clarification.
Aim of the Minimum Wage Law
The legislator wants the client to ensure the compliance of the legislations on minimum wages. In the past many minimum wages and similar wage agreements were infiltrated, especially by false self-employed workers with service contracts and contracts for work. Thanks to the law these opportunities shall disappear.
An employer who charges another employer with services or work is liable for the subcontractor. He is liable as guarantor who has waived the defence of failure to pursue remedies (§ 13 MiLoG, § 14 AentG). The same applies to the subcontractors of the client.
Important for clients
The client is liable for his entrepreneur and subcontractors and the compliance of the Minimum Wage Law. This liability without fault can’t be eliminated completely by a careful choice and control (Informationstext des Unabhängigen Landeszentrums für Datenschutz (ULD) Schleswig-Holstein, 06.02.15). For this reason the client has to minimize his liability risk and his risk of incurring a fine. He has to take action for this.
The relevance in terms of data protection
From the perspective of the client it might be useful to collect and process data that show that the commissioned companies comply with the Minimum Wage Law. A control of the payroll accounting could be an obvious solution. But in such controls data protection requirements have to be met. This applies both to the clients (collect, process and use data) and the contractor (transfer the data).
The clients have to check (according to § 28 Abs.1 Satz 1 Nr. 2 BDSG) whether collecting and saving employee data is required for the compliance of their own business purposes and their entitled interests. The client has to make sure that the legitimate interest of the person in exclusion of the data processing or use of data doesn’t outweigh.
The contractors have to consider whether the transfer of employee data is necessary for the employment. If it is necessary, then the transfer is permitted(§ 32 Abs.1 Satz 1 BDSG).
From a data protection point of view the case under 1 might be permitted in particular cases, the case under 2 hast to be considered as not permitted by German data protection law.
[„Wenn der Auftraggeber auf Basis einer vertraglichen Abrede mit dem beauftragten Unternehmer bei diesem einen pauschalen Zugriff auf bestimmte arbeitsvertragliche Unterlagen möglicherweise aller Beschäftigten oder gar auf deren Personalakten erhält.“ (ULD Schleswig Holstein, 06.02.15)]
In § 32 BDSG the interests are weighed up in contrast to § 28 BDSG. A balancing of interests can open up new opportunities. The assessment of necessity has to be very strict. The necessity of the payroll accounting control for the purpose of establishing employment is the only thing to check.
According to the ULD the client has to refer to methods that do not require data collection (less severe measure). Controlling payroll accountings of employees of contractors would enable the access for the client to data (religious affiliation, marital status, date of birth, tax class, etc.) that is not necessary for the minimization of the liability risk. Therefore, the transfer of payroll accountings form contractors to clients is not permitted by law.
The client might consider this situation as a dilemma. On the one hand the guarantor is responsible fort he compliance of the Minimum Wage Law by the contractor. On the other hand he isn’t allowed to control the payroll accountings of the contractor to minimize his risk of liability. The legislator did not create a corresponding legal basis according to § 1 Abs. 3 Satz 1 BDSG that could jutify such a control.
Good solution approaches
Certainly it’s useful to make appropriate contractual regulations and choose the service providers carefully. This isn’t a legal obligation but has to be considered as binding to minimize the liability risk for the client.
At this point we only want to name a few solution approaches:
• Checking the offer for signs that the minimum wage is not paid
• contractual term for compliance of the Minimum Wage Law with contractual penalty regulation
• regulations for subcontractors (exemption from demands, banc guarantees)
• auditing regulations (anonymization, trusted third parties)
• right of veto for subcontractual relations
For further information and detailed solution please contact your competent and experienced data protection officer.