Hamburg DPA Issues €35.3 Million Fine on H&M
Wednesday, October 7, 2020
Hamburg DPA Issues €35.3 Million Fine on H&M
Print Mail Download i

On October 1, 2020, the Hamburg Data Protection Authority (“DPA”) fined Hennes & Mauritz AB (“H&M”) € 35.3 million for unlawful employee monitoring practices in the company’s service center concerning several hundred employees. According to the DPA’s press release, H&M was maintaining excessive details about employees’ private lives since 2014. This includes notes taken by managers regarding (1) employees’ vacation experiences, illnesses, diagnoses and symptoms as discussed with managers during welcome-back talks after employees’ vacation or sick leave, and (2) information ranging from employees’ family problems to religious beliefs obtained by managers during floor talks. The information was stored digitally and could be read by up to 50 managers throughout the company. According to the DPA, the managers’ notes were sometimes made with a high level of detail and maintained over great periods of time. The press release states that the information was used to evaluate the performance of employees, create employee profiles and make other employment-related decisions.

The data collection was uncovered after the data became accessible company-wide for several hours in October 2019 due to a system configuration error. Following press reports of H&M’s employee monitoring activities, the DPA initiated an investigation and found the records on employees’ private lives. According to the DPA’s press release, H&M adopted remedial measures, including appointing a new Data Protection Coordinator and presenting a plan to the DPA on how data protection will be implemented in the future. In addition, H&M apologized to its employees and stated that it intends to pay compensation to the affected employees.

The DPA viewed positively H&M’s efforts to compensate the affected employees and restore confidence in the company. Ultimately, the DPA determined that the amount of the fine was adequate and effective under the circumstances in order to deter companies from violating employee privacy.

Read the Hamburg DPA’s press release (in English).

Copyright © 2024, Hunton Andrews Kurth LLP. All Rights Reserved.

Current Legal Analysis

More from Hunton Andrews Kurth

A Ban on Noncompete Agreements? FTC Uses Section 5 Against Employers and Proposes Rule to Ban Noncompete Clauses Entirely
by: Kevin Hahm , Leslie W. Kostyshak
Proposed FTC Ban on Non-Competes: Considerations for M&A Transactions
by: Ryan A. Glasgow , Austin Maloney
FTC Final Rule Limiting Non-Competes: Considerations for M&A Transactions
by: Austin Maloney , Jordan G. Sisco
The Federal Trade Commission Issues a Final Rule Banning Most Worker Non-Compete Agreements
by: Ryan A. Glasgow , Jason P. Brown
In Groundbreaking Final Rule, EPA Designates Two PFAS as Hazardous Substances Under CERCLA
by: Paul T. Nyffeler, PhD , Matthew Z. Leopold
CIPL Publishes White Paper on Leveraging Data Responsibly and a Holistic Data Strategy
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
New Bipartisan Federal Privacy Proposal Unveiled: American Privacy Rights Act
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
Recent N.D. Ill. Ruling Upholds Common Interest Doctrine Over Communications Between Biometric Technology Vendors and Customers
by: Julia Y. Trankiem , Torsten M. Kracht
Senators Introduce Stablecoin Bill
by: Scott H. Kimpel
FTC Poised to Finalize Noncompete Rule
by: Katherine Pauly , Kevin Hahm

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins