Find out today what the legal world will be talking about tomorrow.
Use of data glasses (Smart Glasses) in companies
The effects of the corona pandemic have at times brought entire economies to a standstill, causing one of the most serious economic crises in decades. In addition to the tourism industry, the manufacturing sector has also been hit particularly hard. According to the German Association of the Automotive Industry (“VDA”), for example, the number of new vehicle registrations in Germany fell by 35 percent to 1.21 million units in the first half of 2020. For the year as a whole, the VDA expects a decline of around 23 percentage points in Germany, with the European market also expected to shrink by a similarly sharp 24 percentage points. Now that the initial shock has been overcome and initial measures have been taken to mitigate the immediate effects, the task now is to implement measures with long-term effects in order to achieve a certain degree of robustness against further waves of infection or entirely new pandemics.
A current trend is the use of so-called “data glasses” or “smart glasses”, which are already routinely used in warehouse logistics and commissioning. Smart Glasses represent a relatively new type of human-machine interface, which uses video sensor technology to record environmental conditions and supports users in real time via the Internet using the collected information. Video data can be transmitted from production plants to maintenance service providers, for example, enabling direct communication with the wearer of the glasses. Users can thus be supported in real time in the event of simple repairs or operating difficulties, however the use cases can be expanded almost indefinitely. Market-ready solutions include the networking of data glasses with the company's own ERP and CRM systems, the IT-supported processing of checklists or the interface-based connection of additional machines or tools. In the future, artificial intelligence (“AI”) applications can also be integrated into the system, where the AI automatically supports the user by autonomously recognizing the need for repairs or incorrect settings of systems. With regard to Covid-19, this technology provides a special benefit: All work on or checks of production machines can be carried out completely remotely and does not require the physical presence of service providers. Even purely internal company processes can be reorganized without physical contact.
Legal risks - What must be considered?
The realization of the above-mentioned opportunities is also accompanied by legal risks, which must be identified and mitigated. It is true that the employer has the right to instruct the employees to use modern work tools. However, the employer's discretion in this regard only extends as far as the rights and legally protected interests of the affected employees are not violated by the use of these tools. In the context of IT-driven data processing, this includes personal rights and data protection issues in particular, as the use of Smart Glasses usually involves the processing of a large amount of personal employee data. In many different decisions, the Federal Labor Court has repeatedly confirmed that employees are worthy of protection against unauthorized monitoring using various technologies.
Company agreements and processing rules
The use of the correct legal basis and the identification of the relevant legal limits are fundamental for data protection compliant use. Even if legal permissions such as Art. 88 GDPR (data processing in the context of employment) or Art. 6 para. 1.f) GDPR (legitimate interest of the employer) are not excluded per se, the conclusion of a company agreement to legitimize the processing activities using Smart Glasses should be considered for reasons of legal security if the company responsible for data protection has a works committee.
Company agreements can represent an effective legal basis for data protection by virtue of legal regulations. Compared to legal legitimization, they have the advantage that they can be used to draft regulations that are tailored to the needs of the company in question. In particular, the use of appropriate technologies must not lead to employees being subjected to a complete performance and behavioral control. If there is no works committee, then at the very least internal processing rules (guideline for the use of data glasses) should be created, which are legally non-binding, but provide valuable legal security for the decision-makers in the company.
Integration of an IT service provider
If Smart Glasses are implemented with the involvement of an IT service provider, a contract for order processing with the mandatory contents of Art. 28 para. 3 GDPR must be concluded with this provider. The core of the contract for order processing are appropriate technical and organizational measures according to Art. 24, 25 and 32 GDPR.
Art. 25 para. 1 GDPR and Art. 32 GDPR oblige the person responsible to take technical and organizational measures with the service provider in order to effectively implement the principles of the DSGVO and to protect the rights of the data subjects.
Cross-border data traffic
Furthermore, there are additional requirements to be observed if the implementation of Smart Glasses involves an IT service provider whose servers are located in the USA or another third country. In this case, the special regulations for cross-border data traffic according to Art. 44 ff. GDPR must be taken into account, whereby the ruling of the European Court of Justice on the invalidity of the EU-US Privacy Shield ("Schrems II") must also be considered, as it contains important indications for the adaptation of the standard data protection clauses. Especially in larger groups, the effective integration of standard data protection clauses is a complex matter, for which framework agreement solutions are available.
Further formal obligations regarding data protection
When implementing Smart Glasses, there are further formal obligations such as the execution of a data protection impact assessment according to Art. 35 GDPR, the fulfilment of information obligations according to Art. 13, 14 GDPR and the inclusion of the respective Smart Glasses product in the processing list according to Art. 30 para. 1 GDPR.
The implementation of Smart Glasses makes economic sense and represents a long-term instrument to achieve a bit more robustness against the economic consequences of further pandemics. However, the use of corresponding technologies is also accompanied by some data protection obligations. In particular, the requirements of the Supreme Court on employee data protection must be taken into account and further formal obligations must be fulfilled.
We support you with the implementation of data glasses in your company
SKW Schwarz Rechtsanwälte has set up a task force for the use of data glasses in companies. We will be happy to advise you on data protection and employment law/employment protection issues as well as on relevant IT security topics.
Take advantage of our modular concept: We offer the individual modules either at agreed fixed prices or individually according to cost. Cost transparency is a matter of course for us in any case.
- We will provide you with checklists for all legal questions that need to be checked before data glasses are used in your company.
- We carry out practical training in your company and provide appropriate training materials and service cards.
- You will receive a concrete evaluation of the commercially available data glasses with regard to generally applicable data protection and data security requirements.
- We answer all relevant questions:
- What is the legal basis for data processing?
- Which information may be used for which purposes?
- What co-determination rights do employees have?
- Does personal data have to be protected?
- For what purpose may they be used and must employees consent to their use?
- We create directly applicable data protection notices for employees in German and English.
Employment law/work safety
- We draw up individually tailored company agreements, guidelines and work instructions, taking into account all aspects of occupational safety.
- We support you in the selection of hardware and software.
- We advise you on the choice of the right model (on premise or cloud-based).
- We advise you on rollout and implementation.
Please contact us, we will be happy to help you.