An employee’s obligations when dealing with company data: extraordinary termination due to the deletion of data

Pursuant to the general rules for mandates, applied accordingly to employment relationships, an employee must deliver to his/her employer everything that he/she was given for the performance of his/her work and, in addition, everything that he/she obtained through the performance of his/her work. This also includes any files, other documents and computer files which the employee created for the employer as part of the employment relationship (German Federal Labour Court (BAG), 14 December 2011 – 10 AZR 283/10).

The Regional Labour Court of the German state of Hessen had already held by judgment dated 5 August 2013 (case no. 7 Sa 1060/10) that the contractual ancillary obligations arising from an employment relationship, within the meaning of Section 241 (2) German Civil Code (BGB), include the obligation not to deny the employer access to company files or make such access impossible. The unauthorised deletion of files constitutes a breach by the employee of his/her ancillary obligations requiring him/her to show consideration for the employer’s legally protected rights and interests. Normally, if such a breach takes place, the employer cannot reasonably be expected to continue the employment relationship until the notice period has ended. This therefore means that the deletion of company data from the employer’s server generally constitutes cause for extraordinary termination within the meaning of Section 626 (1) German Civil Code (BGB) (to the same effect: Regional Labour Court of Hamm, 10 March 2016 – 15 Sa 451/15).

Whether the deleted data can be recovered is irrelevant in this context. Furthermore, it does not matter whether and to what extent such data is actually required for the further course of business.

As a rule, a prior warning is not required if the employee has committed such a serious breach of duty that, even by objective criteria, the employer cannot reasonably be expected to tolerate it at least once. Employees cannot normally expect that their employer will tolerate the unauthorised deletion of a significant amount of data.

The latest decision of the Regional Labour Court of the German state of Baden-Württemberg has now confirmed that an employee is not permitted to delete company data. All company data belongs to the employer, who may demand the surrender of such data.

We would recommend that employers provide their employees with binding rules on how to deal with company data, in particular with regard to confidentiality and the archiving and deletion of data. This could also be used as an opportunity to define suitable authorisation and access concepts. Furthermore, employers should consider implementing technical measures to prevent unauthorised access to data and the unauthorised deletion of data. In all this, the employer should always bear in mind the requirements of data protection law. Moreover, the employer should be very careful when evaluating employee data, as any data and insights obtained in violation of data protection law might, in a worst case scenario, be unable to be used in labour court proceedings if the employee’s general personality right was infringed. This could result in the termination being invalid if the employer is unable in the proceedings to prove the breach of duty that was committed by the employee.