DPA of Berlin: strict approach to denied person screenings

As already reported in the October Issue of the Privacy Advisor, the Düsseldorfer Kreis adopted a resolution on privacy aspects of employee screenings in April 2009, following a moderate approach what concerns the overall permissibility of such screenings. The DPA of Berlin apparently applies a much stricter approach; according to an informative letter to other German DPAs dated August 31, 2009, he is of the opinion that even a usage of the denied persons lists included in the EU Regulations 2580/2001 and 881/2002 (which are per se binding in Germany) cannot be justified under German data protection law provisions. In particular, the Data Privacy Officer of Berlin criticizes that the provisions of these EU Regulations are too broad to qualify for a statutory provision that would allow the usage of the data for screening purposes. Moreover, he takes the view that the balancing of interest test is in favour of the affected individuals because the lists seem to be outdated and erroneous and in fact the companies would not face any relevant sanctions for non-compliance with the applicable EU Regulations. It seems doubtful whether this approach is in fact in line with the findings and the resolution of the Düsseldorfer Kreis. Anyhow, it is recommendable for German businesses to consult with the competent DPA before introducing a denied person screening system in Germany.