The Court of Justice of the EU has ruled in the case of Case C-34/21 Hauptpersonalrat der Lehrerinnen und Lehrer beim
Hessischen Kultusministerium v Minister des Hessischen Kultusministeriums.
The referral concerned whether teachers employed by a Land Hessen ministry had to consent to the streaming of their lessons by videoconference call, or, if they did not consent, processing their personal information could be based on a legitimate aim of the GDPR.
In 2020, the Minister for Education and Culture of the Land Hessen (Germany) issued two laws covering school education during the COVID-19 pandemic, providing for lessons by videoconference. Pupils or their parents had to consent to connect to the lessons to protect personal information, but no provision was made for teachers to consent.
The Principal Staff Committee for Teachers at the Ministry of Education and Culture of the Land Hessen brought an action against the Minister responsible for those matters. The Minister argued that the processing of personal data inherent in the live streaming of classes by videoconference was covered by national legislation, so it could be conducted without the consent of the teachers concerned being sought.
The administrative court doubted if the German legislation was compatible with Article 88(2) of the GDPR. Consequently, it referred the case to the Court of Justice for a preliminary ruling.
The court’s decision
The court ruled that:
- Article 88 provides for the processing of employees’ personal data in the context of their employment. The processing of teachers’ personal data during the live steaming, by videoconference, of the public educational classes which they provide, such as that at issue in the main proceedings, falls within the material and personal scope of the GDPR.
- Article 88 of the GDPR means that national legislation cannot constitute a “more specific rule”, under Article 88(1), if it does not satisfy the conditions in Article 88(2).
- Articles 88(1) and (2) of the EU GDPR mean that application of national legislative provisions adopted to ensure the protection of employees’ rights and freedoms regarding the processing of their personal data in the employment context must be disregarded where those provisions do not comply with Articles 88(1) and (2), unless those provisions constitute a legal basis referred to in Article 6(3) of the EU GDPR, which complies with the requirements of the GDPR.
The court followed the Advocate General’s earlier opinion. Although not binding in the UK, the CJEU’s decision may be of interest to UK organisations.
