Logo des Repositoriums

Legal Requirements and Technical Metrics for Controlling Privacy of Employees’ Location Data

Vorschaubild nicht verfügbar

Volltext URI


Text/Workshop Paper





ISSN der Zeitschrift





Companies usually store a lot of personal data about their employees. Metrics for automated verification of the compliance with the data minimization and storage limitation requirements provided in the General Data Protection Regulation (GDPR) can help companies meet their monitoring obligations. Furthermore, employees can monitor the processing of their personal data and verify that the processing of their personal data is lawful. In particular, metrics can be used to monitor complex data privacy requirements such as the data minimization or storage limitation. For this purpose, suitable data sources are combined in a meaningful way to obtain indicators of data protection. This paper outlines basic metrics for an application scenario from the field of agile workforce management in logistics. The metrics are intended to verify compliance when processing real-time location data for rescheduling employees. To this end, the local logistics and workforce management system is supplemented by a proxy server and a metrics service – two trusted components within the logistics enterprise network. In particular, the metrics system prevents the internal company network from directly accessing employee location data. Depending on the role in the company (e. g., data subject, management, works council, data protection officer), it can provide different sets of metrics on current data protection.


Waldmann, Ulrich; Kunz, Thomas; Schleper, Janine; Kohn, Matthias; Pesch, Paulina Jo (2023): Legal Requirements and Technical Metrics for Controlling Privacy of Employees’ Location Data. Mensch und Computer 2023 - Workshopband. DOI: 10.18420/muc2023-mci-ws11-364. GI. MCI-WS11: 9. Usable Security und Privacy Workshop. Rapperswil. 3.-6. September 2023