AI in HR: Promise or loss of control?
On 12 November 2025, experts from academia and in-dustry discussed the responsible use of artificial intelligence (AI) in the employment context at the hybrid RDV Forum in Cologne. The event highlighted possible appli-cation scenarios from HR practice and addressed the opportunities and possibilities of such systems as well as the legal challenges and risks.
To kick things off, Prof. Dr. Wilhelm Mülder (lecturer, consultant and specialist author in the field of HR and IT, author of HR Performance, Essen) showed how AI is already changing application processes and HR communication, among other things. AI enables new forms of employer branding and increases productivity in human resources – but it reaches its limits when transparency, data bases, ethical and legal aspects are not sufficiently taken into account. ‘AI should not be taught to think like humans – but how to create opportunities,’ empha-sised Mülder.
Prof. Dr Rolf Schwartmann (Head of the Cologne Research Centre for Media Law, TH Cologne, and Chairman of the Board of GDD e.V., Bonn) emphasised that com-panies operating AI systems must ensure that their em-ployees have sufficient AI expertise and presented specific minimum requirements to ensure the legally compliant and responsible use of AI.
Mattias Ruchhöft (Managing Director of dtb – Daten-schutz- und Technologieberatung GmbH & Co. KG, Zierenberg) examined the use of AI from the perspective of works council and staff council co-determination. He highlighted the relevant topics and participation rights from the perspective of employee representation and made it clear that, in his opinion, the successful use of AI is only possible if employee representatives are in-volved from the outset.
Dr Dominik Roderburg (judge and rapporteur in the ‘Meta-AI decision’ of the Higher Regional Court of Co-logne) spoke about the tension between data protection and the training of AI systems. From the perspective of the deciding senate at the Higher Regional Court of Cologne, a careful weighing of interests and a risk assessment were decisive for information that is classified as particularly sensitive within the meaning of the GDPR. Roderburg pointed out that the AI Regulation explicitly recognises that AI training can only be carried out on the basis of large amounts of data (‘data masses’) and that anonymisation is often not possible in practice.
Robert Räuchle (Head of the Policy Development Team (D2) at the Digital Working Society Think Tank, Federal Ministry of Labour and Social Affairs, Berlin) reported on the current status of the German government's plans to create an Employee Data Act. Räuchle emphasised that the draft bill currently under discussion is only an unofficial leak and not an officially published docu-ment. The planned regulations are currently still being coordinated between the various departments. The aim is to create a comprehensive and technology-neutral draft regulation that complies with the case law of the European Court of Justice and the Federal Labour Court. According to Räuchle, the weighing of interests in the context of examining the necessity of data processing for employment purposes is to be specified by means of a non-exhaustive legal catalogue of weighing criteria.
Prof. Dr Gregor Thüsing, LL.M. (Harvard) (Institute for Labour Law and Social Security Law at the University of Bonn, GDD Executive Board, Bonn) explained that the regulatory powers of the parties to the works council with regard to data protection are severely restricted in view of the ECJ ruling in case C-65/23 at the end of 2024. Irrespective of this, the limits of the works coun-cil's competence must be respected: for example, the works council cannot regulate the processing of applicant data or that of senior executives.
At the end of the RDV Forum, Tim Wybitul (partner at Latham & Watkins LLP, Frankfurt am Main) summarised the ECJ case law on damages for data protection viola-tions and their consequences for corporate practice. His conclusion: effective data protection compliance, up-to-date security standards and careful documentation remain the best defence against liability risks.
The RDV Forum is the annual conference of the special-ist journal for data protection and digitisation, Recht der Datenverarbeitung (RDV). RDV is co-published and edited by the German Association for Data Protection and Data Security (GDD) in Bonn.