A new data protection law in Germany will make it harder for companies to implement anti-fraud and corruption controls that involve monitoring employees, according to law firm Clifford Chance.

The amendment to the existing Federal Data Protection Act (known in German as the BDSG) follows a series of scandals in which high-profile German companies were accused of spying on their staff. But a Clifford Chance legal bulletin says the change will complicate companies’ efforts to implement legitimate compliance controls and to investigate questionable employee activity.

“It is becoming increasingly difficult for businesses to ensure that their staff complies with the law and with company policies,” according to the briefing note prepared by the firm.

The revised law, which took effect Sept. 1, states that if a company does not have a legally valid statement of consent, a company can only gather and process personal information about employees in certain limited circumstances. The law describes when such data can be used, but it fails to draw a clear line between permissible compliance and anti-fraud measures and impermissible interference with employee rights, the firm said.

Heiner Hugger, a partner with Clifford Chance in Frankfurt, said new legislation was needed to clarify this grey area, so that companies could ensure any internal investigations were legally compliant. However, it is not clear when or if such a law would be passed, he added.