Employee Surveillance Linked to $41m GDPR Fine!

The clothes company H&M is being asked to pay a 35m Euro fine (roughly $41m) because of a GDPR violation.

Data protection watchdogs in Germany issued the second-largest fine under the General Data Protection Regulation earlier this October, fining clothing store H&M €35.2 million, or $41.1 million, for basically carrying out surveillance on some of its employees.

While some have wondered whether the data protection authorities are issuing sufficient credible enforcement actions, the action is a ‘wake-up call’ that GDPR fines, while perhaps not as common as the industry first expected, can still be significant.

Hamburg Commissioner

The Hamburg Commissioner for Data Protection & Freedom of Information (HmbBfDI) handed the fine down after learning through local media reports last year that an issue at H&M's Customer Service Centre in Nuremberg resulted in the company exposing employee data for a few hours.

When asked for evidence of the incident, H&M supplied 60GB of files that demonstrated the company had been recording information since 2014.

According to the European Data Protection Board, supervisors at the company recorded data from hundreds of employees – the regulator called the data “extensive recordings of the private-life circumstances” – while carrying out informal conversations.

Nuremberg

Supervisors at the Customer Service Centre in Nuremberg recorded data like employee holiday experiences, illnesses, family issues & religious beliefs, & stored it in a database that was readable by up to 50 managers throughout the company.

“The recordings were sometimes made with a high level of detail & recorded over greater periods of time documenting the development of these issues,” the EDPB wrote. “The combination of collecting details about their private lives & the recording of their activities led to a particularly intensive encroachment on employees’ civil rights.”

Appropriate

Hamburg’s Data Protection Authority did not know about the data collection until a technical problem with the company’s network in Oct. 2019 made the data accessible company-wide, something that in turn led to media coverage. The authority commented it believes the amount of the fine is ‘appropriate to deter companies from similar privacy violations.’

It’s the largest GDPR fine since CNIL, France’s Data Protection Authority, fined Google 50m Euros in Jan. 2019, alleging the way the company handles ad personalisation violated GDPR.

Personal Data

H&M admitted the incident shortly after it became public, apologising to its employees & stressing that its practices for processing employees’ personal data were wrong. The company said earlier this month it was reviewing the fine ‘carefully’, adding that it has since made changes to how it handles data privacy, data cleansing, & stores personal data.

It is too early to know whether policy is actually changing around GDPR fines, but the fact that this is the second-highest fine imposed since the regulation’s 2018 creation shows that securing the privacy of individuals, particularly employees, is still considered highly critical by regulators.
