Telecommunications Privacy No Longer Applies to Employees' Personal Email Use

In a significant shift in the interpretation of privacy laws in Germany, the Federal Network Agency (Bundesnetzagentur) has clarified that the telecommunications secrecy law does not apply when employees use company email accounts for personal purposes. This decision challenges the previously held view by many, including the Data Protection Conference of the Federal and State Governments (DSK), which suggested that employers allowing personal use of corporate email systems are considered telecommunications service providers.

Under the previous understanding, employees' personal communications via company email would be protected by the telecommunications secrecy law, prohibiting employers from monitoring these messages. Violating this law could potentially lead to criminal charges under Section 206 of the German Penal Code. However, the recent guidance from the Bundesnetzagentur presents a different perspective.

The agency asserts that arrangements made between employers and employees, such as providing email accounts for personal use, do not fall within the framework of telecommunications services as defined by law. The key distinction made by the agency is that such services typically must be provided for a fee, while offering email accounts is considered a tool for work rather than a commercial transaction. Even if employees use these accounts for personal matters, the employer does not aim for a business advantage or charge fees for this service.

As a result, employers are now required only to comply with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Consequently, the stringent criminal prohibitions associated with telecommunications secrecy do not apply, though employers still have obligations regarding the handling of personal data that may limit their ability to oversee private communications.

Legal experts note that this trend indicates an increasing acceptance that telecommunications secrecy does not pertain to employees' personal use of company email accounts. This clarification provides employers with greater certainty and diminishes the risk of criminal prosecution. Notably, the Data Protection Officer of North Rhine-Westphalia, Bettina Gauyk, had previously expressed a similar stance, indicating in her 2024 annual report that telecommunications secrecy should not apply in these contexts. The collective of state data protection authorities has yet to issue a formal response to this evolving interpretation.