H&M has been fined a “record” fine of 35.26 million euros (41.56 million US dollars) in connection with the illegal employee surveillance model in Germany. According to a recent ruling by the Hamburg Data Protection Commission, the fast-moving Swedish hippo is ready to monitor several hundred employees at its service center in Nuremberg. Several employees have been the subject of extensive personal data logging since 2014. All of this was discovered in the context of a security breach that was documented a year ago.
The breach that occurred at its Nuremberg service center in October 2019 highlighted the current H&M information collection and storage practices for employees who have violated at least some provisions of the General Data Protection Regulation (GDPR). The European Regulation on the protection of personal data throughout the Union, namely Article 5, which regulates the processing of personal data, and Article 6, which establishes a specific purpose for the lawful processing of private information.
“After being absent due to illness and vacation, the heads of the supervisory team at H&M held so-called” Welcome Talks with their employees,” according to a Hamburg Data Protection Commission decision on October 1. “After this discussion, in most cases, not only were specific experiences with employee holidays” recorded by senior employees at H&M according to the data protection commission but “also symptoms of illness and diagnosis. “
Given the gravity of the offense, the fine – the highest penalty imposed on Forbes in Germany under the GDPR since its implementation in May 2018, and the second-highest in the entire European Union – is appropriate and effectively deters companies from protecting their privacy, injuring employees “, said Prof. Caspar.
The fines themselves are calculated according to a concept developed by the German data protection regulations to calculate GDPR fines and take into account, among other things, the income of the companies concerned. Although currently only a purely German concept was introduced and discussed as part of harmonization efforts at the European level.Â