updated 10:20 AM UTC, Dec 13, 2023

H&M Has Been Fined $41.45 Million For Data Protection Violations

Unic Press UK: Hennes & Mauritz AB (H&M) has been fined €35,258,707.95 – approximately $41.45M or £31.99M – for data protection violations at an H&M service center located in Nuremberg, Germany.

In a press release last week, the German watchdog, HmbBfDI, said:

“… the Hamburg representative for data protection and freedom of information (HmbBfDI) has issued a fine of 35,258,707.95 euros against the H&M Hennes & Mauritz online shop AB & Co. KG. Since at least 2014, some of the employees have had extensive records of private living conditions. Corresponding notes were saved permanently on a network drive. After vacation and illness absences – even short ones – the superiors team leaders held a so-called Welcome Back Talk. After these discussions, not only were specific vacation experiences of the employees recorded, but also symptoms of illness and diagnoses. In addition, some superiors acquired a broad knowledge of the private life of their employees through one-on-one and corridor discussions, which ranged from harmless details to family problems and religious beliefs. The findings were partially recorded, stored digitally and were sometimes readable by up to 50 other managers throughout the company. The recordings were sometimes made with a high level of detail and updated over time.”

H&M has expressly apologised to the people affected and is following the suggestion to pay the employees a considerable amount in damages in a non-bureaucratic manner, the HmbBfDI said.

Prof. Dr. Johannes Caspar, the Hamburg commissioner for data protection and freedom of information, said: “The present case documents a serious disregard for employee data protection at the H&M site in Nuremberg. The amount of the fine imposed is appropriate and suitable to deter companies from violating the privacy of their employees.”

The €35,258,707.95 fine is the second-largest levied against a single company for data protection violations since the EU’s General Data Protection Regulation (GDPR) came into force in 2018.

 

 

 

 
