In its judgment of March 14.03.2023, 4 (Az: 1377 U 22/XNUMX), the Dresden Higher Regional Court (OLG) decided that a company's vacation lists do not constitute business secrets. In addition, a legal entity would not be entitled to any injunction or removal claims under data protection law due to the use of its employees' data from personnel files.

1. FACTS

The plaintiff company requested that the defendant union stop using data from its payroll accounting and, by way of a step-by-step lawsuit, requested information about the possession and release of other documents containing confidential information from its company. The content involved information from payroll accounting (including lists of sick and vacation days) as well as emails from a former employee of the plaintiff. The defendant had submitted these documents in another proceeding.

The regional court had dismissed the lawsuit. It remains to be seen whether the emails are trade secrets. In any case, the defendant was able to rely on considerable interests and was therefore allowed to present the emails in the proceedings. Furthermore, data protection regulations of the GDPR (General Data Protection Regulation) have not been violated. The submission of data in court proceedings does not constitute data processing Art. 4 GDPR period.

The OLG ultimately confirmed the regional court's decision.

2. DECISION

According to the OLG, the regional court correctly denied possible claims under the General Data Protection Regulation. Because according to the clear wording of the Art. 4 No. 1 GDPR Legal entities like the plaintiff cannot rely on the claims contained in the GDPR. Furthermore, the plaintiff cannot rely on the Federal Data Protection Act (BDSG). The mere fact that the plaintiff is a non-public body in the sense of § 1 paragraph 1 sentence 2, Section 2 Paragraph 4 BDSG is obliged to protect the data it collects from employees, but this does not lead to a claim by the plaintiff against third parties. Finally, the plaintiff has no claim under the §§ 823 paragraph 2, 1004 Paragraph 1 Sentence 2 BGB in conjunction with the regulations of the BDSG. Due to the direct legal binding nature of the GDPR (Article 288(2) TFEU) and their priority of application, national law only applies if the material scope of the GDPR is restricted or if the European legislator has given the member states the power to regulate independently through an opening clause. Finally, the plaintiff has no claims for injunctive relief, information or publication of the documents Sections 6, 7 and 8 Business Act regarding the vacation and sickness lists. Because the information has no economic value within the meaning of Section 2 No. 1a GeschG. It is not clear to what extent this information could cause damage to the plaintiff GmbH if it becomes known.

3. CONCLUSION 

The decision is convincing in its substance. Even if this decision largely confirms well-known principles that arise from a simple interpretation of the law, it is still relevant to practice. In particular, the court's considerations on the question of the existence of a trade secret are very informative.