The subject of the staff representation law proceedings before the Wiesbaden Administrative Court is the question of whether, when introducing livestream lessons via video conferencing systems, in addition to the consent of parents for their children or adult students, the consent of the respective teacher is also required, or whether the data processing carried out here is covered by the Hessian Data Protection and Freedom of Information Act (HDSIG), as well as the question of what rights the staff council has in this regard.
The Chamber for Public Sector Staff Representation Law of the Wiesbaden Administrative Court decided by resolution of December 21, 2020, to refer the question to the Court of Justice of the European Union (CJEU) whether a provision must meet certain substantive requirements of the GDPR to constitute a “specific provision” within the meaning of the GDPR. Furthermore, it needs to be clarified whether a national norm, if it evidently fails to meet these requirements, can nevertheless remain applicable.
The clarification of this question determines whether the Hessian data protection provisions meet the requirements of the GDPR and whether these norms would remain applicable despite a potential infringement.
The Chamber for Public Sector Staff Representation Law has doubts that the Hessian provisions (§ 23 para. 1 p. 1 HDSIG and § 86 para. 4 p. 1 HBG) constitute norms that meet the requirements of the GDPR (Art. 88 para. 2 GDPR). These requirements have not been met either in the Hessian norms themselves or through supplementary normative specifications elsewhere in the respective law.
These concerns of the Chamber for Public Sector Staff Representation Law are not shared by the Federal Labour Court (BAG) regarding the identically worded norm in the Federal Data Protection Act (BAG, decision of May 7, 2019 – 1 ABR 53/17 –, BAGE 166, 309-322, para. 47). However, the Chamber for Public Sector Staff Representation Law is of the opinion that merely stating that the controller must comply with the principles set out in the GDPR in particular (§ 23 para. 5 HDSIG; corresponds identically to § 26 para. 5 BDSG) does not suffice to meet the requirements of the GDPR (Art. 88 para. 2 GDPR).
The referral decision (File no.: 23 K 1360/20.WI) is final and unappealable.
Source: Press release No. 03/2021 of the Wiesbaden Administrative Court dated January 27, 2021
