Germany: BYOD in Times of a Pandemic
Especially in current times of pandemic, more and more people are switching to home office in order to practice social distancing and slow down the spread of the virus. However, it is often difficult for employers to acquire and lend new devices to each employee so that they can work from home. If the employee already has devices available at home, it is therefore a good solution to use these. This alternative is called BYOD (Bring Your Own Device), but there are some things to consider.
BYOD is a user agreement that allows the use of private devices such as notebooks, tablets and smartphones for business purposes. A characteristic feature of BYOD is that the end device remains the private property of the employee during business use. The employee continues to be entitled to use the device for private purposes. The employee does not necessarily have to be the sole owner of the terminal device, but only he or she is entitled to use the terminal device for business purposes.
What needs to be considered when introducing BYOD?
In general, BYOD entails various risks due to the associated mixing of private and business matters. It is therefore advisable to reach an agreement between the employer and the employee to supplement the employment contract. In particular, the protection of business and trade secrets as well as the handling of personal data is subject to a certain risk by BYOD.
Separation of private and business affairs
The separation of private and business content on the terminal device is particularly important for the introduction of BYOD, as otherwise data protection difficulties would arise, especially under Art. 32 (1) DS-GVO. The separation of private and business content could be carried out physically, for example by applications installed on the terminal equipment. Alternatively, the separation could also be achieved by using different user accounts or virtualization techniques.
Avoidance of data on the end device / prohibition of data backup
A big problem of all data protectors is to ensure the avoidance of data and the prohibition of data backup on the end device, the responsibility for which is solely incumbent on the employer. A data avoidance protective measure within the meaning of Article 32 (1) DS-GVO could, for example, be the establishment of access to a server of the employer via VPN. This would lead to the avoidance of the local distribution of personal data and operational information on the terminal device.
Licensing Law
In addition to data protection and labor law regulations, the assurance of software license management and compliance with IT security in the company also play an important role. In terms of licensing law, the employer should ensure that he or she has the necessary rights of use if certain software is to be installed on the employees’ end devices. It is also important to prevent the use of software already installed on employees’ end devices that is licensed for private use only from being used for business purposes. In order to avoid any licensing disputes, we recommend that employees only work remotely on the employer’s servers.
Private use of the end device during working hours
What about the private use of the end device during working hours? On the one hand, the terminal device is owned by the employee, on the other hand, the duty to perform work is of course a highly personal duty to be performed by the employee during working hours. So can the employee simply be banned from using the terminal for private purposes? After all, the terminal equipment is owned by the employee. But of course, the employee must fulfil his or her work duties as becomes apparent by comparing BYOD to the usage of a device owned by the employer: If she or he were to work on one of the employer’s terminals, he would not usually be allowed to use it for private purposes. However, in order to prevent unreasonable discrimination against the employee, it is usually advisable to include an exception in the usage agreement which allows the employee to use the terminal for private purposes. This should be permitted if it does not take up a significant amount of time and is necessary due to reasons attributable to the employee for which she or he is not responsible.
Conclusion By strictly separating the private and business spheres on the end device, BYOD can be a good solution to facilitate work in the home office. It is recommended that the BYOD specifications are set out in a user agreement
By Dr. Michael Witteler and Florence Fahron
Pusch Wahlig Workplace Law attorneys are available to assist you with these and other workplace issues. For more information, visit https://pwwl.de/
For more information please contact Joseph Granato, Communications Manager at L&E Global at joseph.granato@leglobal.org.