Employer wants to use my work email account after I quit, is this legal under German law? Is this a GDPR waiver?

Question

Background info: I am leaving my current job in the next couple of weeks. (If you want to know why just check my other questions.) Germany, Junior Developer

Yesterday I got a list of all the things I need to return before I leave. I didn't think too much of it at first. It had boxes to check what I still have and need to return and had a place for my signature at the bottom. But as soon as I started reading the fine print my inner alarm went of. It states (translated from german):

"I confirm that (company) is allowed to use my mail account unrestricted. This includes viewing all mails and using all messages for business Correspondence"

Original: "Ferner bestätige ich, dass (der Betrieb) ab sofort uneingeschränkt berechtigt ist, meinen E-Mail-Account zu nutzen. Dies beinhaltet diesen durchzusehen und die dort vorhandenen Nachrichten uneingeschränkt als geschäftliche Korrespondenz verwenden zu können. "

(I added the german original for context, because my english skills are far from perfect, maybe someone can translate it in a better way)

Now this seems odd to me for a couple of reasons. First of all: Why would this be on this list? It seems to me that they wanted me to sign it without thinking about it. Like: "Here I gave you all my stuff and we both sign it". The HR Person didn't tell me to look at the fine print either. She just said it is for the physical stuff I have from the company. Second of all: Why do I need to sign this stuff anyway? Wouldn't it be the responsibility for THEM to sign it after I returned my stuff? So I have proof I gave the stuff back?

Question: Is this common practice in Germany, or anywhere for that matter? Should I sign this thing at all? What do I have to lose, or to gain?

Side Note: There are no private mails on there I am worried about, but there are some business mails that are very confidential and should stay in the IT department.

UPDATE:

I usually agree with the most upvoted answer, but this time I decided differently. I did what the accepted answer recommended, which is not signing anything. Until now, almost 2 month later, I have not received any message claiming I did something stupid. If they have the legal right anyway, there is no need for me to sign it, and that was exactly what I told the nice HR lady who helped me with my offboarding process. She agreed and even signed a paper for me I set up to prove I returned everything. Alltogether I didn't sign anything when leaving. And I don't regret it. My old company might have looked a little surprised by this, but they didn't push me to sign it afterwards.

Thank you for all your answers.

Is it actually your account? E.g. Pudora@hotmail.com, not pudora.surname@company.de — Justin, Jun 19 '19 at 07:39
What is the german wording. "use" sounds like they want to send e-mails in your name. But your description is more "want to read my old messages". — FooTheBar, Jun 19 '19 at 08:30
It's not your email address. The email address belongs to the company. — joeqwerty, Jun 19 '19 at 10:47
@FooBar in german it says: "Ferner bestätige ich, dass (der Betrieb) ab sofort uneingeschränkt berechtigt ist, meinen E-Mail-Account zu nutzen. Dies beinhaltet diesen durchzusehen und die dort vorhandenen Nachrichten uneingeschränkt als geschäftliche Korrespondenz verwenden zu können. " — Pudora, Jun 19 '19 at 11:14
This would include sending messages (which could look like you sent them). — FooTheBar, Jun 19 '19 at 11:40
Who would they be emailing? Do you have clients or contacts? If so, I'd be letting them know I'm leaving, maybe send out a "Thanks, good to work with you" thing. — Keith, Jun 19 '19 at 15:59
Relevant article. I'd recommend you pretty much ignore any answer that doesn't make clear it's specifically about Germany. No answer that I can see even mentions the distinction between permitting personal mail or not. — JollyJoker, Jun 19 '19 at 17:23
Potentially related: My ex-employer is sending emails to customers in my name — David K, Jun 19 '19 at 17:45
@joeqwerty Which means they should be able to reset the password and access it without OP intervention. If they have to do a legal procedure to obtain ownership it means that it is not legally theirs. — Bakuriu, Jun 19 '19 at 18:45
Your email address may be necessary to recover a forgotten github/asana/software licensing account. That being said, I would be careful about the "unrestricted" part. Does this mean they want to impersonate you in front of clients/investors? Does this mean they want to recover deleted emails? Personally, I would just say: Yes, you can use my email. No, I'm not signing anything. If you really want me to sign this, I'll have to consult a lawyer. And if you really want me to consult a lawyer, you have to pay me extra for both my time it takes to do that and the money I'll have to pay that lawyer. — Stephan Branczyk, Jun 20 '19 at 03:58
@ToddWilcox it reads to me more like a reminder that the company has the right to use the account rather than a request for permission. — jwenting, Jun 20 '19 at 04:08
Regarding your side note, I think it's the company that gets to decide what is and isn't private, not the department in the company. — chepner, Jun 20 '19 at 20:35
"Should I sign this thing at all?" - I wonder what would happen if you didn't sign it. What recourse or leverage do they have on you? I mean, they're not gonna fire you, and I'm pretty sure they're obliged by law to pay you for all your hours. I honestly wonder what the advantage is of signing anything at all in your situation... It almost feels like they are pushing an (administrative) burden they have onto a quitting employee. — marcelm, Jun 22 '19 at 14:07
An off-side comment: it's a very good habit to sign your emails (using certificates like smime.p7s). If you send all your mails signed with a certificate, it becomes easier to discard any identity theft attempt, on any of your mail boxes. It has the advantage not to be based on human privacy laws, or trust, but raw crypto. — m.raynal, Aug 22 '19 at 13:19

score 143 · Answer 1 · 2019-06-20T14:15:40.090

143

Your corporate email account doesn't belong to you, it's not confidential to you - it belongs to the business.

You need to allow access to that mailbox after you leave so that the business can look to see if there's any emails that are valuable or have information that isn't anywhere else.

Normally, a forwarding system will be enabled so that any future email being sent to your old corporate account will be forwarded to your manager instead.

If you have any concerns about individual email items in your account, then it seems reasonable to notify your manager and let them decide what to do about those.

You don't have anything to lose, or anything to gain from this - it's just part of the process of handing back company property.

It's likely that this clause is here to mitigate any possible claim of impersonation and for you to formally hand the exclusive access of the account over to your company.

edited Jun 20 '19 at 14:15

answered Jun 19 '19 at 07:33

Comments are not for extended discussion; this conversation has been moved to chat. – Neo Jun 20 '19 at 18:17
3

Note that the phrasing of that statement doesn't permit them to impersonate the former employee via the email account. That would still (probably) be some kind of fraud. It's just to prevent the employee from later suing the former employer over some alleged breach of privacy. – Perkins Jun 20 '19 at 23:51
1

"Your corporate email account doesn't belong to you, it's not confidential to you - it belongs to the business." - To state the obvious, the term in the checklist [as translated] does not say it is limited to corporate. Strike through the term and initial it before signing and returning to HR. – Jun 21 '19 at 01:16
1

I suggest to remove or reword "You need to allow access to that mailbox after you leave so that the business can look to see if there's any emails that are valuable or have information that isn't anywhere else." OP has no such legal obligation. Having such access without OP's intervention is the company's responsibility. – Anonymous Coward Jun 21 '19 at 05:53
While the mailbox is used -- and should only be used -- for professional matters, you do have certain rights related to the privacy/confidentiality of its contents. The clients you're emailing with also have certain rights for privacy/confidentiality on the matters discussed in the email. Mailboxes must not be shared according to infosecurity guidelines and I think this is even a requirement under GDPR, as to protect the privacy of the mailbox owner and the people sending/receiving emails to/from this mailbox – BlueCacti Jun 21 '19 at 09:57
17

"Your corporate email account [is] not confidential to you" - downvoted because that statement, kind of the premise of this answer, is not generally true in Germany. – O. R. Mapper Jun 21 '19 at 13:50
16

@O.R.Mapper - agreed, this is completely false in Germany. – Davor Jun 21 '19 at 15:17
@BlueCacti I don't see how GDPR would affect this, it regulates what the company can or cannot do with private/customer data. When you share data with an employee, you share it with the company, not that private person. Data can be shared within the company according to company policy and on a needs to know basis. If the employee handling your case leaves, someone else needs to know the relevant information. – Frank Hopkins Jun 26 '19 at 20:48
The problem is not whether they can use the email or not. The problem is whether they pretend to be OP or not. – Jonast92 Aug 22 '19 at 12:49

score 47 · Answer 2 · answered Jun 19 '19 at 07:39

47

Your emails on your company email address stored on company server is the property of the company.

You sign this to say "Yes I understand that" which by your question is not so clear.
Emails on your inbox are not for you. They are for your company and you to view them as a company representative. Company NEED to look at them to know what you were working on, to which customers reply about change of representative or to pass knowledge about them to the next person hired.

According to GDPA (German Data Protection Authorities)

The employer may access sent and received emails of the employees during a longer period of absence, if it is necessary for business purposes

But the employer is also obliged to deactivate the account "As soon as possible". And they need to know what you have in there to decise when is that "soon".

This fine print is for them IF you decide to drag them to court because you think you left some personal email and then blame them for something in your life.

answered Jun 19 '19 at 07:39

SZCZERZO KŁY

15,308
5
34
43

Thank you that makes it clear. I kinda assumed it meant they want to use the mail account in MY NAME so business partners still think they write with me. – Pudora Jun 19 '19 at 07:43
27

As a manager, when a direct report leaves I get access to their mailbox. It's purely for the reasons above. I don't have the ability to send e-mails as leaver.surname@company.com – spikey_richie Jun 19 '19 at 08:26
4

@Pudora - You should understand, they are not your business partners, you started to network with those partners due to your job. Those partners work with whoever is assigned to them by your management team. – Donald Jun 19 '19 at 13:43
2

@Ramhound I do understand that. But I dont want them to use my personal name in their mail to message people. Impersonating me doesn't seem like somethign a good company would do. – Pudora Jun 19 '19 at 14:22
@Pudora - Sounds like you are not actually worried they are going to email your contacts making it appear you still work there. – Donald Jun 19 '19 at 14:29
4

@Pudora They don't need access to your email to send emails in your name. Spoofing a name in email is pretty simple and done quite often (for example for email used by many people) – SZCZERZO KŁY Jun 19 '19 at 14:36
10

The OP is in Germany (as your answer goes on to acknowledge). That makes your first paragraph a gross simplification, to the point where it is flat-out false. – Martin Bonner supports Monica Jun 20 '19 at 13:59
The wording (in German) definitely does not mean that you just acknowledge their right to see emails. It ask for permission to unrestricted use of the account (e.g. send email). The later part about "viewing all emails" is just a distraction from that. – kapex Jun 20 '19 at 17:11
There are legitimate reasons why a company might need to send an email "as" a former employee. For example, if a company requires that you receive and reply to an email to activate a service or validate information, and the former employee's email is the one on file. The ability to send as a person does not in itself suggest fraud or deception. – barbecue Jun 21 '19 at 00:15
4

Your emails on your company email address stored on company server is the property of the company. This may not be true in all jurisdictions and particularly in OP case seems to not be true since the company is asking for a legal ownership transfer which implies the emails are not company property. – Giacomo Alzetta Jun 21 '19 at 07:19
Practical note: If they want to do something that would be illegal in general, you signing a document will not make it any less illegal for the company. Hence I think it is comparatively safe. – Dennis Jaheruddin Jun 21 '19 at 11:56
3

This answer is based in its entirety on an incorrect assumption. Everything in OPs inbox is private in Germany. Where the server is hosted is irrelevant. That's why the company is asking nicely to have access. – Davor Jun 21 '19 at 15:19
@Davor How do you get to the thought that everything would be private? That only applies if your company allows you to use your email for personal affairs and then the content isn't all private but the company might fall under regulation that applies to general mail providers and thus yes the email account is protected in that case, though exceptions might apply - in particular if you signed anything beforehand. But there it gets lawyer jungle. By default however that is not the case, i.e. you are not allowed by default to use your company mail for private matters. – Frank Hopkins Jun 21 '19 at 15:30
@kapex No, the part about reading isn't a "distraction", it makes it clear what is definitely entailed, because that way you cannot later claim "but I didn't know that would mean they will read everything, I thought they will just delete it". – Frank Hopkins Jun 21 '19 at 15:35
2

@FrankHopkins - as far as I know, all employee communication is considered private by default. Employers are not allowed to snoop into your email, chat on Slack etc. That is why they are asking. – Davor Jun 21 '19 at 17:20
1

@Davor do you have any source for that? And note that there is a difference between observing an employees behaviour for supervision, e.g. via a camera, or mixed use accounts like a stackexchange account and access to his business mail account. As stated, to the best of my knowledge the default is exactly the opposite and this article* supposedly by lawyers seems to support this understanding: https://www.lexology.com/library/detail.aspx?g=14efb8fd-dced-4de4-a448-61056625577e *posted above by JollyJoker – Frank Hopkins Jun 21 '19 at 17:32
1

@FrankHopkins "uneingeschränkte Berechtigung zur Nutzung" literally says that they can use the email account in any way they like. Just because they mention one possible use case does not mean that their rights are limited to that use case. It's an intentional distraction to whitewash which rights they actually want you give them. – kapex Jun 21 '19 at 21:41
@kapex that's your reading which out of the blue assumes bad intent, while it is perfectly common in contracts to explicitly mention special cases of a general case just so all contract signing parties agree that is part of the common formulation. – Frank Hopkins Jun 21 '19 at 21:43
Sure, it's common to draft contracts with broad terms that later get narrowed down in negotiations. I guess I do assume a bit of bad intent here because to me it sounds like the company tries to circumvent any kind of negotiations by hiding it in the fine print of a "Laufzettel". – kapex Jun 21 '19 at 22:06

score 35 · Answer 3 · answered Jun 19 '19 at 13:14

35

I think the key question here is "Does this authorize the company to write new e-mails using your e-mail address even if you don't work there anymore". The wording (even in German) isn't entirely clear on that.

"Ferner bestätige ich, dass (der Betrieb) ab sofort uneingeschränkt berechtigt ist, meinen E-Mail-Account zu nutzen."

Technically that gives them unrestricted use of your e-mail account which could include "impersonating" you in future correspondence. While that would unusual and rare, I've actually seen it happening.

You should ask for clarification. Your company as full access to all your existing e-mails anyway but you should insist on adding a statement that the company should close the account and is not allowed to write new e-mails in your name.

answered Jun 19 '19 at 13:14

Hilmar

120,104
36
233
374

9
No, they do not need your help to access the email address they can do that without you. 2. They could but must not impersonate you, that would be fraud. 3. I've never heard that there is any obligation to close business email addresses if an employee leaves. They can forward emails forever if they want. --- The signature is most likely collected because of privacy law reasons to avoid that you sue them.

Chris

Jun 19 '19 at 18:19

8

@Chris There is such an obligation, because this is Germany and Germany has laws that create such an obligation. – Please stop being evil Jun 19 '19 at 22:14

@TheDarkWanderer Do you have any reference for that? – Chris Jun 20 '19 at 08:07

@Chris See the answer from SZCZERZO KŁY (currently above) which refers to this obligation. – Martin Bonner supports Monica Jun 20 '19 at 14:01

@MartinBonner There is no reference in that answer and no source for the quote. – Chris Jun 20 '19 at 17:14

1

@Chris - "No, they do not need your help to access the email address they can do that without you" - well, yes, they technically may be able to do that, but it's fucking illegal in Germany. – Davor Jun 21 '19 at 15:20

1

@Davor No, it is not illegal. They can access the emails together with the Datenschutzbeauftragter, if there is a business reason. Also the part about impersonation is plainly wrong. This question is attracting a lot of "Halbwissen" and would better fit on Law.SE. – Chris Jun 22 '19 at 13:20

@Chris so then there is no reason for them to ask for a exception then? – joojaa Jun 22 '19 at 13:32

@joojaa I didn't say that. I'm only saying that this answer is completely wrong. – Chris Jun 22 '19 at 13:55

@Chris yeah, but im just pointing out that under no real situation does the company "need" this paper signed. They just either missguided or trying to make their life a little easier, in either case there is no upside signing this. We have done this for a suddenly dead worker it was a pain but not really a big deal. – joojaa Jun 22 '19 at 14:57

@joojaa depending on the concrete context which we don't know, there can be the upside of not being a dick and thus getting goodwill. In most cases there is no downside to it either and I don't see a reason to assume something nefarious behind this either. There isn't a reason to impersonate OP unless in very specific scenarios and most of those could be countered by sending a goodbye mail to OP's contacts. So the most likely scenario is that they want to ensure they have access to the mails and that this is clear to everyone. OP seems to have no problem with that so no downside, only upsides. – Frank Hopkins Jun 24 '19 at 09:15

score 32 · Accepted Answer · answered Jun 19 '19 at 14:38

32

Question: Is this common practice in Germany, or anywhere for that matter? Should I sign this thing at all? What do I have to lose, or to gain?

Whether this practice is common or not, don't sign anything. Simply return all the physical materials and do not alter/destroy any electronic materials. If they want to use your mail account for any ( legal ) reason, that is within their rights as it is their property.

The bottom line, don't sign the document, you gain nothing from doing so.

answered Jun 19 '19 at 14:38

sf02

78,950
39
179
252

4

Don't you gain goodwill? And avoid corporate suspicion? Both of which could help you in regards to references, and any other leaving arrangements. – gidds Jun 19 '19 at 16:21
8

@gidds These sorts of "exit documents" only help the company, they are nothing more than CYA documents for the company. The employee, usually ends up unknowingly signing away some of their rights by signing these documents. Its a good thing that the OP read the document as most people do not. – sf02 Jun 19 '19 at 20:38
9

"that is within their rights as it is their property." - this is false in Germany. Literally every answer here is wrong as they start from AMerican assumption of employees not having rights. – Davor Jun 21 '19 at 15:21
1

I accepted this answer because it includes what I did. I told the nice HR lady I am not willing to sign it, but I want her to sign another paper that I returned everything. She did what I asked for, and I didn't get any message until now about not signing it. – Pudora Aug 22 '19 at 12:42

score 23 · Answer 5 · answered Jun 20 '19 at 03:26

If I was being asked to sign a legal document, the first question I would ask is "what do I gain from signing this?"

If the answer is nothing, or something like "it's just a formality", then be very wary.

I worked at an IT company some years ago and on my last day they asked me to sign a document which would have the effect of making any work I did during my employment, both within and outside work, their property.

My first question was what were they willing to offer me to sign it. When the manager responded that it's just a formality, they weren't offering me anything to sign it, and I was just expected to sign it, then I responded that in that case if it's "just a formality" then it didn't really matter if I didn't sign it. He wasn't happy, but there was absolutely nothing he could do about it.

Lesson for them: next time put it up front in the employment contract. That is the document which sets out the conditions of the agreement under which you are employed and compensated.

Lesson for me and you: always be wary of signing documents. An agreement which disadvantages you without any compensation is not in your best interest.

score 11 · Answer 6 · answered Jun 19 '19 at 20:32

When quitting, sign nothing without contacting a lawyer. You can never know of every pitfall that might be there. If you can´t afford one, don´t sign.

I`m from Germany too, and left my longtime employer quite recently. I didn´t have to sign anything - it was a very fair employer. I read a lot about leaving, though, and there are quite a few tricks going on in Germany (and maybe somewhere else, too), for example letting you sign "all further claims satisfied" ("alle Ansprüche abgegolten"), which means you won´t get things like holiday pay (Urlaubsgeld) or profit-sharing (Gewinnbeteiligung) if it would have to be paid after your leaving. Having to sign anything after quitting would leave me suspicious because of such bad practices buzzing around. It should be the other way round - them signing you left everything behind that has to be left, as a confirmation they don´t have any claims on you.

You should copy the form and let them sign it, just for your reference. Just in case, you know.

Now to the mail account:

My former boss asked me if I was ok with them "using" my content (only orally - no signature). When I said yes, he asked me to delete every private mail from the account. I answered but I don´t have any - I always respected the company rules of not using the mail account privately. He told me he´s not interested if I used it privately, but if I did, please clean up.

One thing I did to prevent him (and others) from having to write any mails using my mail account was leaving the account with a delegate rule - an auto answer with vaguely following content:

I´m out of office. For information on current projects please contact the respective project leader. For all other requests please contact my team leader.

I informed my former boss of doing so, so he knows he doesn´t have to "use" my mail account for writing, as every potential contact is already informed.

And if he really needs to consult a lawyer, then they need to pay him extra for doing that. Lawyers are not cheap. And his time is not free either. He could be using that time to play video games, or watch a movie. I'm sure the last thing he wants to do is hunt down an employment lawyer. — Stephan Branczyk, Jun 20 '19 at 04:04
@StephanBranczyk he doesn't need a lawyer. If he wants one that's his problem, not his employer's problem. — jwenting, Jun 20 '19 at 04:13
@jwenting, Agreed. And he doesn't need to sign anything. Them wanting him to sign that piece of paper is their problem, not his. — Stephan Branczyk, Jun 20 '19 at 04:16

Stilez · Answer 7 · 2019-06-20T18:48:31.090

I can't say if this is usual or any problem with it. But I can suggest how I would solve the underlying issue.

From time to time, like everyone, I have had prewritten contracts or documents to sign. Sometimes a clause worries me. In that case, I write next to it, anything important, then sign. They might not like it, or claim it can't be done, but if I do it and present it as "done", they usually allow it by default.

In this case I would simply write next to it, "** but not to send emails purporting to be from me, or impersonating me" (or whatever your concern is). Then I'd sign and keep a copy or photo for my own records, happy that my concern was taken care of.

The odds are good that anyone seeing it, will see it is commonsense and harmless, and at most feel you are over worrying. Which is fine, it's your peace of mind that matters, not theirs, so let them think that, and tell them it is your worry, not theirs, and that's how it is.

As for the very private work emails, you are leaving. It's their choice what happens to these, not yours. If it is a real concern, mention it to your manager, and let him handle that aspect. It's no longer yours to control after you leave.

score 5 · Answer 8 · answered Jun 21 '19 at 07:35

AFAIK in Germany the law says that the employer has the right to access any e-mails on the corporate account that you have written or received, unless they can readily identify the message as private. This is of course a big pitfall for the employer: if one of your colleagues is given access to your mail after you leave, they should be able to use it efficiently. If they are searching for e.g. an invoice, they will have to carefully check the subject of every e-mail before opening it (so that they don't accidentally open an e-mail with invoices for your personal stuff), and that of course takes a lot of time.

Different employers deal with this regulation differently. Mine made me sign a form which says I will keep my private e-mails in a separate folder with immediately recognizable name like "Privat", and give them the right to search everywhere else. Needless to say, they made me sign this form when I got my account, so that rules have been clear from the start. Your employer screwed that up a bit, and now they want to make things right retroactively by making you give up a bit of your rights.

Of course there's no law that obliges you to sign a document when you leave the company, else there woundn't be a need to ask for a signature. However, if you don't have any messages in your corporate main that you rather wouldn't disclose (and you shouldn't!), my advice is to cooperate and sign the form. Your employer has good reasons to ask for it, and cooperating will play in your advantage if you ever need recommendations from them.

If you do have personal stuff in your mailbox that you'd rather have removed, approach HR and tell them that. Chances are that they will be happy to give you access to your mailbox so that you can clean that up.

Disclamer: I'm not a lawyer but I used to play one on TV.

haha, love the last line... "Not a lawyer, but I can convincingly look and sound like one" ;) I'd add, if you still have access to the account, this might also be a simple request to clean it up accordingly and remove any private stuff, so you feel comfortable enough to hand it over. — Frank Hopkins, Jun 21 '19 at 22:15

score 2 · Answer 9 · answered Jun 20 '19 at 16:47

Personally I would refuse to sign anything as a condition for quitting. My first thought is that they are lawfully allowed to view and inspect properties they own with email accounts being one of them.

I confirm that (company) is allowed to use my mail account unrestricted. This includes viewing all mails and using all messages for business Correspondence

I highlighted bold the concerning part for me. What exactly does "my mail" mean? Company emails are by definition not "my mail" but "company's mail." If this is verbatim copy of their contract, I would refuse since the term "my mail" is left unrestricted. They own the "company mail" so it was never "my mail." Do they mean they can impersonate you? Or simply view contents of your work email that they own?

Is this common practice in Germany, or anywhere for that matter? Should I sign this thing at all? What do I have to lose, or to gain?

Yes last company I left has my email account. What my company does is simply use to to see if I have any cron jobs or emails that are only sent to my account then go hunt the script down to change the email. It's rare this happens but in the past, we had one worker left and he left a job running and once we changed server we realized it was critical and since he only got the email, nobody knew.

score 2 · Answer 10 · answered Jun 21 '19 at 06:12

Let's face the elephant in the room which everyone is ignoring.

The HR Person didn't tell me to look at the fine print either. She just said it is for the physical stuff I have from the company.

Assuming you were told exactly as you said. The electronic mailbox is not physical stuff. HR is being incompetent (don't think so) or lying (most likely). They are being sneaky, trying to get you to sign something without you noticing it.

If it was such a non-issue, why not being open and talking about it directly? Beware.

So, don't trust them. Tread carefully. Do not sign anything at all unless you have a very good reason to sign. You gain nothing from signing this. If things go really wrong and you find yourself in a trial you will regret having signed this since it will strengthen their position. If things go well you won't regret not having signed this.

score 1 · Answer 11 · answered Jun 20 '19 at 15:01

With the addition of GDPR which affects you, one of the rights you have is the "right to be forgotten".

If you have any personal emails you can ask for this to be excluded and deleted from backups. Any email that is personal in any shape or form you can have excluded.

If the emails you are concerned about are regarding your team's work and not regarding specific members of your team on a personal level, then the company has the right to use them. Any emails that may contain personal information from your colleagues or anything like that you can also request to have deleted and forgotten.

Other than that, this seems above board to me. They won't be able to use your email address other than set up the usual "out of the business" auto reply.

score 1 · Answer 12 · answered Jun 23 '19 at 23:27

1

Ask your Betriebsrat (working council).

They will know what "Betribsvereinbarungen" are in effect
They will know what the legal situation or refer you to a lawyer
Until then: What happens if you cross don't sign, or cross the paragraph out and sign?

This is probably less a thing about GDPR, but more about a few other laws.

answered Jun 23 '19 at 23:27

Sascha

17,910
2
39
67

We sadly don't have a Betriebsrat. After reading all answers and commetns here I kinda don't wan't to sign it at all anymore. The company has nothing left to offer me for signing anything. The only thing they still have to write is the "Arbeitszeugnis". And if they already have the right to use my account, why would they need a signature? – Pudora Jun 24 '19 at 07:54

score 0 · Answer 13 · answered Jun 19 '19 at 16:14

0

"I confirm that (company) is allowed to use my mail account unrestricted. This includes viewing all mails and using all messages for business Correspondence"

I think the best thing to reply is, "Ok, I will audit the entire mail history and remove any personal emails that happened to be here before I sign this." This will lead to a lot of debate over the matter where they will try to claim they have the right to the whole thing anyway, which is not actually true. They probably don't want you going through and deleting a bunch of stuff to sabotage them so they will be leery about actually granting this.

In fact this happens a lot where the work email gets used for some personal use because it's monitored during work hours. That doesn't make all the emails therein the company's. We generally have rules the other way around about sysadmins not snooping in employees email accounts. These rules make sense because it's not solely the company's stuff in there.

If the company really wants the rule to be all the email is the company's and all of it is available for company inspection at will, this is the kind of thing that needs to be disclosed on the first day, not the last day.

Full Disclosure: My employer keeps ex-employee mailboxes around and keyword-searches them as needed. The person doing the searching is trusted to not read sensitive stuff and other miscellaneous browsing but only find the material required and use good quality filters to avoid seeing sensitive stuff in subject lines. The actual need to do this comes up only a few times per year, and only a few trusted employees have the power and there's never been an incident of abuse (small company).

answered Jun 19 '19 at 16:14

Joshua

636
6
14

wrong on so many counts. The content of your work email box belongs to the company. Every company I ever worked for has reiterated that in their entry briefing for new employees (and sometimes juniors seem surprised about that) and not to use that corporate account for private communications. – jwenting Jun 20 '19 at 04:14
@jwenting: Middle of the third paragraph: first day, not last day. My interpretation of the question is this comes as a surprise to him on the last day. – Joshua Jun 20 '19 at 14:02
2

@jwenting: I guess you never worked in Germany? German law says that employees are entitled to use their work emails for private purposes, and that employers must respect the privacy of these private emails. It's a whole different world here! – Martin Bonner supports Monica Jun 20 '19 at 14:04
@MartinBonner which doesn't mean the employer doesn't get access to the account. It just means they have to purge private communications from it when the employee leaves the company. That's GDPR basically, which I'm well familiar with as it's giving the projects I'm working on no amount of headaches. – jwenting Jun 21 '19 at 03:17
3

@MartinBonner German law does not state that, what it says is the company can agree or disagree to allow its employees to use internet/email for personal use. If i agrees and wants to monitor it, then it must include in there "contracts" the details of such monitoring. It must also give the employee an opt out, but if they do opt out the company are entitled to withdraw the right of personal usage – Drifter104 Jun 21 '19 at 10:47
1

@Martin Bonner: I definitely worked in Germany and definitely had no right to use my mail account for private purposes. As Joshua states correctly: this was defined in the "Betriebsvereinbarung" - which I had to sign the very first day I started there. Also no right to use the PC, internet or anything else for private purposes. I even had a PIN for my phone to use for private calls, so they could bill (!!!) any private phone call (at a horrible rate - in 2019!!) See my answer: in the end my boss wasn´t interested if I respected the rule - GDPR still valid if you break the rules, of course. – Jessica Jun 21 '19 at 13:14
@jwenting: "Every company I ever worked for has reiterated (...) not to use that corporate account for private communications" - reading that, I wonder whether your work experience is representative of the OP's situation. I concede my own experience is just as anecdotal as yours, but my personal observation is that private use of corporate e-mail accounts is commonplace here in Germany, to the point that surprisingly often, people will, when asked for an e-mail address in a private context, give you their work e-mail, as if they didn't even have or use any other account. Of course, it's ... – O. R. Mapper Jun 21 '19 at 21:35
... entirely possible plenty of employees in Germany simply ignore rules not to use their corporate accounts for private communication, but then, the one random sample I can check right now - my own workplace - explicitly grants usage of the company's IT resources for private purposes to a certain degree in their rules of usage. Coincidence? Maybe. Or maybe work culture is really considerably different here than what you are used to. – O. R. Mapper Jun 21 '19 at 21:35
@O.R.Mapper here in the Netherlands people rarely seem to use work accounts for private use. Companies don't explicitly disallow it, but people tend to not want to mix work and private if they can avoid it. Ordering something private from Amazon to be delivered at work is quite common though, avoids having packages bounce, and most companies have no problem with it. – jwenting Jun 24 '19 at 05:38

Gray Sheep · Answer 14 · 2019-07-03T23:12:21.877

They are not allowed, except...

The problem is that the employer is not allowed to see your private communication with others. Yes, they are allowed to see the communication of their company mailbox, but they are not allowed to see the possible private communication what you did there. If you did not sign some paper, that you won't use your company mailbox for private communication (or that you allow them to see it if you did), then they have nothing to guarantee that they did not see your private mails.

By my German employer, all the mailboxes, company laptops and so on, are completely deleted, without even checking their content, if someone leaves us. There is still a strong company security, but it works on proactive and not on retroactive ways.

Other employers - particularly big companies - are enough hostile to even log your https traffic. I don't know, how would they react for a vpn-over-https double encryption, but possibly they would interpret it as a hack attempt. Its most likely consequence: firing on the spot, on a nothing-saying reason (they don't want "skandal", they would want to eliminate you ASAP). However, they pay quite well, compared to some neighbouring regions/countries, so it is better to not play network eavesdrop games with them. Instead, be happy on your bank account everytime as your money arrives, and try to motivate them to employ you long term. And never, never do anything what could awake the sleeping lion.

Use your private mailbox for private communication. Probably you can't do it on a way that they won't see it (and should not invest effort to make it better protected - focus on to make your job better protected by good work), but they can't eavesdrop it without you would know it.

Employer wants to use my work email account after I quit, is this legal under German law? Is this a GDPR waiver?

14 Answers14