Dismissal of a data protection officer

In order to clarify the question of whether the requirements of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) regarding the dismissal of a company data protection officer are in line with the European General Data Protection Regulation (GDPR), the Ninth Senate of the Federal Labour Court (Bundesarbeitsgericht, BAG) has submitted a reference for a preliminary ruling to the Court of Justice of the European Union.

The plaintiff is the chairman of the works council formed at the defendant, who is partially released from work. With effect from 1 June 2015, he was additionally appointed as the company data protection officer of the defendant and - in parallel - of three other group companies. The defendant dismissed the plaintiff (as well as the three other group companies) as data protection officer by letter dated 1 December 2017 and - after the entry into force of the GDPR - by further letter dated 25 May 2018. In his action, the plaintiff claimed that his legal position as data protection officer continued to exist unchanged. The defendant took the view that there was a risk of conflicts of interest if the plaintiff was both data protection officer and works council chairman. This led to an incompatibility of the two offices, which constituted an important reason for the dismissal of the plaintiff.

The lower courts upheld the action. The decision as to whether the defendant effectively dismissed the plaintiff from his office as company data protection officer depends on the interpretation of EU law, which is reserved for the Court of Justice of the European Union. National data protection law regulates in § 38 (2) in conjunction with § 6 (4) sentence 1 BDSG that an important reason within the meaning of § 626 BGB must exist for the dismissal of a company data protection officer. § 626 BGB must exist for the dismissal of a data protection officer. Thus, it ties the dismissal of a data protection officer to stricter requirements than EU law, according to which Article 38 (3) sentence 2 of the GDPR only does not permit dismissal if it is carried out because of the performance of the data protection officer's duties. European law does not require an important reason for dismissal.

The Ninth Senate of the Federal Labour Court, based on previous case law, does not consider there to be an important reason for dismissal in the present case. Therefore, it has turned to the Court of Justice pursuant to Article 267 TFEU with the question whether, in addition to the provision in Article 38(3) sentence 2 of the GDPR, Member State provisions are applicable which - such as Section 38(2) in conjunction with Section 6(4) sentence 1 of the BDSG - restrict the possibility of dismissing a data protection officer in comparison to the Union law provisions. Should the Court of Justice

the requirements of the BDSG for a dismissal to be in conformity with EU law, the Senate also considers it necessary to clarify whether the offices of the chairperson of the works council and the data protection officer in a company may be held by the same person or whether this leads to a conflict of interests within the meaning of Art. 38 para. 6 sentence 2 DSGVO. Article 38 (6) sentence 2 of the GDPR.

Federal Labour Court, decision of 27 April 2021 - 9 AZR 383/19 (A) -
Previous instance: Saxony Regional Labour Court, judgment of 19 August 2019 - 9 Sa 268/18 -

By further order of 27 April 2021, the Senate referred to the Court of Justice for a preliminary ruling in the case - 9 AZR 621/19 (A) - with partly similar questions.

Source: Press release of the Federal Labour Court of 27.04.2021