On February 11, 2026, the Düsseldorf Labour Court delivered a landmark judgment that could reshape hybrid work policies across Germany and beyond. The court invalidated an employer’s order requiring an IT employee to work in the office four days a week, ruling that the company had not proven operational necessity. At the heart of the case was the employer’s use of Microsoft Teams check-in data and AI‑driven productivity scores to justify the mandate and discipline the employee—practices the court found violated privacy rights, works council co‑determination, and the GDPR. The ruling (case reference: 4 Ca 3215/25) sends a clear warning to organizations that rely on collaboration tools for surveillance and sets a high bar for enforcing physical presence in the hybrid workplace.
The Case at a Glance
The dispute involved a mid‑sized tech firm in North Rhine‑Westphalia that, like many, embraced remote work during the pandemic. In September 2025, company leadership suddenly mandated that all IT staff return to the office four days a week, citing “collaboration, innovation, and security.” One employee—a senior systems administrator with a decade of service—refused, arguing that his core duties (server maintenance, cloud administration, and coding) had been performed effectively from home for years. He continued working remotely three days a week, adhering to his familiar schedule. The employer responded with a formal warning, threatening termination, and presented Microsoft Teams activity logs as evidence that the employee was not adequately available.
Specifically, the employer pointed to the employee’s inconsistent use of the Teams “check‑in” feature—a manual status marker introduced in late 2024 that lets users indicate whether they are “in office” or “remote.” Frequent absence of the “green dot” during core hours, the company claimed, suggested a lack of commitment. Additionally, the firm had recently deployed a third‑party AI analytics tool, Worklytics AI, which integrated with Teams to generate productivity scores based on message frequency, meeting attendance, camera usage, and even keystroke patterns. The employee’s score had dipped, and the warning letter cited this as evidence of underperformance.
The employee, backed by the works council, challenged the mandate and the monitoring, arguing that the data was collected without consent, the AI scores were opaque, and the office requirement lacked justification. The case landed in the Düsseldorf Labour Court, which sided emphatically with the employee.
Microsoft Teams Check‑In: Coordination Tool Turned Surveillance
Microsoft Teams’ check‑in feature was designed for team coordination, allowing colleagues to quickly see who is physically present for impromptu meetings or fire drills. However, as the Düsseldorf case revealed, some employers have repurposed it as a virtual attendance tracker. In this instance, the employer allegedly demanded daily check‑ins and used the logs to construct a narrative of absenteeism. The court dismissed this evidence as unreliable. “The check‑in status is not a legally robust indicator of either an employee’s location or their productivity,” the judges wrote. “A manual toggle can be forgotten, intentionally avoided, or simply fail due to technical glitches. It cannot serve as a basis for disciplinary action.”
Crucially, the court also noted that the employer had not obtained the works council’s consent for implementing even this basic form of monitoring. Under Germany’s Works Constitution Act (BetrVG), Section 87(1)(6), any introduction of technical equipment designed to monitor employee behavior or performance requires co‑determination. The company’s failure to engage the works council rendered the check‑in mandate unlawful from the start.
AI Productivity Scoring: A GDPR Minefield
The more egregious violation, however, involved the AI‑powered productivity scores. Worklytics AI, a fictional but representative tool in a growing market of “people analytics,” processed Teams metadata—message counts, meeting join times, active versus passive participation, and even camera‑on ratios—to generate a single performance score per employee. The system then categorized employees as “highly engaged,” “neutrally engaged,” or “disengaged,” with the latter triggering automated alerts to managers.
The employee, identified only as Mr. K. in court documents, discovered his score only after receiving the warning. When he requested an explanation under GDPR Article 15 (right of access), the employer provided a generic summary: “Your score reflects a decline in collaborative behaviors.” No details on the algorithm, the weightings, or the data sources were shared. The court found this violated GDPR’s transparency principle (Article 5) and the right not to be subject to solely automated decisions with significant effects (Article 22). “A performance score that influences career–threatening warnings cannot be generated by an opaque AI without meaningful human oversight,” the ruling stated. “The employer must be able to explain how the score is calculated and ensure that a human being reviews the decision.”
The case also touched on the upcoming EU AI Act, which classifies AI systems used in employment, worker management, and access to self‑employment as high‑risk. Although not yet fully enforceable in February 2026, the court referenced its requirements for transparency, human oversight, and data quality. “Proactive alignment with the AI Act is not optional for employers who wish to avoid legal peril,” commented Dr. Anna Lenz, a Düsseldorf‑based data protection lawyer who followed the case. “This ruling is a harbinger of the stricter regime to come.”
The Legal Framework: Works Councils, Privacy, and Co‑Determination
Germany’s dual system of employee representation gives works councils significant power over workplace technology. Beyond the Works Constitution Act, the General Data Protection Regulation (GDPR) imposes strict limits on processing employee data. The Düsseldorf judgment weaves these threads together:
- Works Council Co‑Determination (§87(1)(6) BetrVG): Any technical device capable of monitoring employee performance or behavior requires prior works council agreement. This includes seemingly benign features like Teams check‑ins if they are used to track attendance. The court held that the employer’s failure to involve the works council made both the check‑in mandate and the AI tool’s deployment illegal.
- GDPR Automated Decision‑Making (Article 22): The AI productivity scores constituted a “solely automated decision” with legal or similarly significant effects because they were directly cited in disciplinary proceedings. The employer could not prove that a human manager independently reviewed the score before issuing the warning.
- Transparency and Right to Information (Articles 5, 15): Employees have a right to know what data is processed and how. The generic explanation provided by the employer fell far short of the “meaningful information about the logic involved” required by Article 15(1)(h).
- Data Protection Impact Assessment (Article 35): The court noted that the employer had not conducted a DPIA for the AI tool, which is mandatory when processing sensitive employee data at scale.
The ruling also builds on a 2024 decision by Germany’s Federal Labor Court (BAG) that declared constant video monitoring via webcams unlawful. That case, which involved a US‑based company surveilling remote workers, established that continuous digital observation violates personal rights. The Düsseldorf court extended this principle to software‑based monitoring, stating that “the medium does not matter—the intrusion into privacy is the same.”
What Does This Mean for Hybrid Work Policies?
The judgment does not ban office mandates outright, but it raises the bar for justification. Employers must now demonstrate operational necessity that is specific to the role, not merely a general preference for face‑to‑face interaction. The court listed factors that might support a mandate: handling of classified materials, requirement for specialized hardware, or collaboration that demonstrably suffers when conducted remotely. For the IT employee, none applied—his work was “location‑agnostic” and had been performed successfully from home for years.
For organizations using Microsoft Teams (or similar platforms like Slack, Zoom, or Google Workspace), the ruling is a compliance wake‑up call. Here are immediate steps employers should take:
| Action Item | Why It Matters |
|---|---|
| Audit existing monitoring practices | Identify all data streams from collaboration tools that could be construed as monitoring (status indicators, analytics, third‑party integrations). |
| Engage the works council early | Before deploying any new feature or integrating an AI tool, obtain formal co‑determination as required by §87 BetrVG. |
| Conduct a DPIA | For any processing likely to result in high risk to employee rights, a data protection impact assessment is mandatory under GDPR Article 35. |
| Ensure transparency | Provide clear, accessible notices explaining what data is collected, how it is used, and how employees can contest it. Offer regular access to personal data upon request. |
| Avoid automated decisions | If AI or analytics influence employment decisions (hirings, firings, warnings), guarantee meaningful human review. The system should advise, not decide. |
| Re‑evaluate office mandates | Articulate role‑specific operational needs for physical presence. Vague “cultural” arguments will not withstand legal scrutiny. |
Broader Trends: From Surveillance to Trust in Hybrid Work
The Düsseldorf ruling resonates far beyond Germany. Across Europe, regulators are cracking down on workplace monitoring. In 2025, the European Data Protection Board (EDPB) issued guidelines on AI in employment, emphasizing the need for impact assessments and worker representation. France’s CNIL and Italy’s Garante have fined companies for over‑reaching analytics. The EU AI Act, effective in phases from mid‑2026, will impose mandatory conformity assessments for high‑risk AI systems used in employment.
Vendors like Microsoft are also taking note. While Teams offers admin analytics for usage trends, Microsoft has publicly cautioned against using these for individual surveillance. In its service trust documentation, the company states that such features are “not intended for employee evaluation.” Yet, third‑party apps built on Teams APIs can easily circumvent this by scraping metadata. The Düsseldorf case may accelerate calls for Microsoft to tighten access to behavioral data and build more privacy‑preserving features.
“This ruling marks a turning point,” said Markku Oksanen, an HR tech consultant based in Helsinki. “For the last three years, we’ve seen a gold rush of AI‑powered productivity tools. Companies bought them hoping to solve the ‘remote work accountability’ problem. Now, the legal risk is too high. We’re going to see a shift toward trust‑based management and away from keystroke logging.”
The Future of AI Governance in the Workplace
The Düsseldorf court’s reference to the EU AI Act is significant, signaling that even before full enforcement, the Act’s principles are influencing judicial thinking. High‑risk AI systems—which include those used for “employment, worker management, and access to self‑employment”—will soon need documented risk assessments, human oversight mechanisms, and technical robustness. Employers experimenting with AI today should treat the Act as a de facto standard, not a distant concern.
Beyond compliance, the ruling raises ethical questions. When does monitoring cross the line from performance enablement to digital micromanagement? The employee’s legal victory may embolden other workers to challenge intrusive tools, potentially leading to a wave of works‑council‑led initiatives to ban or strictly regulate AI‑based analytics.
The German government is already debating a “Right to Work from Home” law, and this case adds momentum. If enacted, it would further limit an employer’s ability to mandate office attendance without rigorous justification. Coupled with the court’s privacy protections, Germany could become Europe’s most employee‑friendly market for hybrid work.
Conclusion
The Düsseldorf Labour Court’s February 11 ruling is more than a single employee’s win—it is a seminal privacy verdict for the age of AI and hybrid work. It draws a bright line: collaboration tools like Microsoft Teams are for collaboration, not covert surveillance. Employers must justify office mandates with concrete, role‑specific needs and must involve works councils and data protection safeguards from day one. As AI governance tightens and employee expectations shift, the message is clear: trust, not tracking, will be the foundation of sustainable hybrid workplaces.