November 26, 2020

Volume X, Number 331

Advertisement

November 25, 2020

Subscribe to Latest Legal News and Analysis

November 24, 2020

Subscribe to Latest Legal News and Analysis

November 23, 2020

Subscribe to Latest Legal News and Analysis

Hamburg DPA Issues €35.3 Million Fine on H&M

On October 1, 2020, the Hamburg Data Protection Authority (“DPA”) fined Hennes & Mauritz AB (“H&M”) € 35.3 million for unlawful employee monitoring practices in the company’s service center concerning several hundred employees. According to the DPA’s press release, H&M was maintaining excessive details about employees’ private lives since 2014. This includes notes taken by managers regarding (1) employees’ vacation experiences, illnesses, diagnoses and symptoms as discussed with managers during welcome-back talks after employees’ vacation or sick leave, and (2) information ranging from employees’ family problems to religious beliefs obtained by managers during floor talks. The information was stored digitally and could be read by up to 50 managers throughout the company. According to the DPA, the managers’ notes were sometimes made with a high level of detail and maintained over great periods of time. The press release states that the information was used to evaluate the performance of employees, create employee profiles and make other employment-related decisions.

The data collection was uncovered after the data became accessible company-wide for several hours in October 2019 due to a system configuration error. Following press reports of H&M’s employee monitoring activities, the DPA initiated an investigation and found the records on employees’ private lives. According to the DPA’s press release, H&M adopted remedial measures, including appointing a new Data Protection Coordinator and presenting a plan to the DPA on how data protection will be implemented in the future. In addition, H&M apologized to its employees and stated that it intends to pay compensation to the affected employees.

The DPA viewed positively H&M’s efforts to compensate the affected employees and restore confidence in the company. Ultimately, the DPA determined that the amount of the fine was adequate and effective under the circumstances in order to deter companies from violating employee privacy.

Read the Hamburg DPA’s press release (in English).

Copyright © 2020, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume X, Number 281
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement