Terror list screening of employees - What do companies have to consider in terms of data protection and labour law?

Some time ago, the European Union issued regulations to combat terrorism(Regulation (EC) No. 2580/2001 and Regulation (EC) No. 881/2002) (hereinafter also: regulations). These regulations prohibit, among other things, all companies operating in the European Union from maintaining business contacts with certain persons and from making financial resources available to them. Accordingly, no remuneration may be paid to employees who are on the terror lists (ban on making funds available). A violation of these requirements can be punished with imprisonment or fines. At first glance, therefore, it seems advisable to simply comply with the requirements. Unfortunately, the so-called terror list screening is not unproblematic in terms of data protection law. The following article is intended to provide a brief legal overview and concrete recommendations for action in the series "Short Articles".

1. What is the threat to companies if terror list screening is not carried out?

The mere non-implementation is not critical in itself. There is no legal obligation to do so. It only becomes problematic if a person on the lists (also: sanction lists) is paid remuneration, for example. This can, for example, be the result of a screening that has not been carried out. The regulations refer in each case to national provisions on penalties and fines. Violation of the provisions of the ordinances may result in criminal or regulatory consequences (sections 17, 18, 19 AWG, sections 130, 30 OWiG): According to the Foreign Trade and Payments Act (AWG), an intentional violation of the provision ban is punishable by imprisonment of three months to five years; in the case of negligent action, fines of up to EUR 500,000.00 are threatened. Those particularly affected are the executives responsible for the payment as well as organs of the company authorised to represent the company. In addition, in the event of failure to take the necessary supervisory measures, fines may be imposed on company owners, executive bodies authorised to represent the company, board members, managing directors and shareholders authorised to represent the company, cf. sections 130, 30 OWiG.


2. requirements of the GDPR

There should be no doubt about the fundamental right of employers to carry out employee screenings. This is because companies are threatened with serious disadvantages if they do not comply with the requirements (fines, penalties, etc.).

Exercise of legitimate interests according to Art. 6 para. 1 lit. f) DSGVO?

A suitable legal basis for screening by companies is Art. 6 para. 1 lit. f). DSGVO can be considered. The legitimate interest of the employer in these cases is the avoidance of disadvantages or sanctions. Because these threaten - as explained above - in the event of the non-performance of a screening and the resulting provision of remuneration, if any, to persons who are on the sanctions lists. The employees concerned must have been informed accordingly in accordance with Art. 13 GD PR before the screening is carried out. It is possible that the screening is also carried out by another service provider within the framework of commissioned data processing.

Uncertainty due to supervisory authorities?

Since no obligation to screen employees arises from the above-mentioned regulations themselves, the permissibility of such screenings remains controversial. The supervisory authorities criticise such employee data matches in some cases. However, they are also considered permissible under data protection law, especially in view of customs practice (cf. 32nd Activity Report of the LfDI BW 2014/2015, p. 146 f.). As a result, the better arguments speak for the admissibility of employee screenings under data protection law. Nevertheless, companies are well advised to comply with the general data protection requirements (information, purpose limitation, data minimisation, storage limitation, etc.).


3. labour law dimension

Do the regulations affect the employment relationship? The regulations do not contain any explicit provisions on consequences under labour law. However, the above-mentioned prohibition of provision affects the core area of the employer's obligations: The payment of remuneration. For this reason, there may also be consequences for the employment relationship.

Ineffectiveness of the employment contract

The employer may not pay remuneration to an employee who is on a sanction list. The employment contract is therefore invalid due to the resulting violation of the Minimum Wage Act (cf . section 134 BGB in conjunction with section 3 MiLoG). In principle, the invalidity of an employment relationship that is already in progress only takes effect for the future. Consequently, remuneration already paid is not to be repaid.

Contestation or termination by the employer?

A person who is on the sanctions lists is informed of this fact by the executive of the European Union. Therefore, it can generally be assumed that an employee is aware of this. If this is already the case when the contract is concluded, a challenge by the employer due to fraudulent misrepresentation (cf. section 123 BGB) comes into consideration. The legal consequences here are also basically a termination with effect for the future (as before).
The employer will also be able to terminate the employment contract for personal reasons. In most cases, such a dismissal will be socially justified within the meaning of section 1 of the KSchG. This is because the employee concerned can no longer receive any remuneration due to the prohibition to provide work.

4. recommendations for action

In compliance with general data protection requirements, companies should conduct employee screenings before entering into an employment contract and also during an ongoing employment relationship.

In the event of a positive data match, employers should:

  • Do not employ / no longer employ the employee,
  • Stop all payments,
  • As a precaution, challenge or terminate the employment contract,
  • Check whether any remuneration already paid can be reclaimed.

Share on linkedin
Share on twitter
Share on xing
Share on facebook
Share on email

Related articles