Employee personal data: fine of 35 million euros against H&M in Germany - France 24

Berlin (AFP)

Germany on Thursday imposed an unprecedented fine of 35.3 million euros on the ready-to-wear group H&M, for having recorded private data of certain employees without their knowledge, announced the data protection center of the country Thursday.

"A fine of 35,258,707.95 euros is required against H&M (...) for a case of surveillance of several hundred of its employees," said the Hamburg Data Protection Commission.

This is the largest amount inflicted by Germany on a company in the name of European legislation on the protection of private data (GDPR), since its entry into force in 2018, said a spokesperson for the institution at AFP.

The authorities accuse the ready-to-wear group of having allowed managers of an H&M site in Nuremberg (south) to collect and store information on their employees between 2014 and 2019.

"Some of these superiors have acquired a broad knowledge of the privacy of their employees," noted the protection center.

After the absence of an employee, the site managers systematically organized an interview, dealing with "vacations", or "symptoms and diagnoses" of the employee, in the event of sick leave.

This information was then "recorded", stored digitally, and used to "build individual profiles".

Superiors also obtained elements of the privacy of their associates during informal discussions, particularly on "family matters" or "religious beliefs".

This data was then "available for reading to up to 50 group leaders."

Reacting to the decision of the German authorities, the ready-to-wear brand has apologized for facts it considers "not in accordance with the guidelines and instructions" of the group.

H&M insists on the "local" aspect of these practices, and claims to have "immediately reported the facts" to the authorities, after learning about them.

These facts were revealed in October 2019, when a computer error made them accessible, for a few hours, to the entire company.

The European Data Protection Regulation has reinforced the obligations of companies in terms of the protection of privacy.

It provides for fines of up to 4% of their turnover.

In 2019, Germany has already sentenced the real estate group Deutsche Wohnen to a fine of 14.5 million euros for archiving sensitive data of its tenants.

France, for its part, imposed a penalty of 50 million euros on the IT giant Google, for failing to inform its users of their personal data.

The highest fine was imposed by the United Kingdom on the airline company British Airways, which in 2019 was fined 183 million pounds (200 million euros), for a theft of financial data from hundreds of thousands of its customers.

© 2020 AFP