IT retailer faces €10.4m GDPR fine for employee surveillance

The German notebook seller has hit back, rejecting the fine and claiming it's being set up to be made an example of

Graphic of a gigantic and sinister CCTV camera observing anonymous people in a crowd

Regulators have imposed a fine of €10.4 million (roughly £9.3 million) on notebook retailer notebooksbilliger.de AG (NBB) after it was found to have conducted intrusive video surveillance against its employees.

The firm monitored its employees for at least two years without a legal basis, violating the principles of GDPR, with illegal cameras set up in workplaces, salesrooms, warehouses and other common areas. 

Filming wasn’t limited to a specific period nor specific employees under suspicion, and footage was often saved for 60 days, which was deemed significantly longer than necessary by the state commissioner for data protection in Lower Saxony, Barbara Thiel.

In her judgement, Thiel said that video surveillance is only permissible in this way in order to uncover criminal offences if there’s a justified suspicion against specific individuals. The video surveillance operation in this case, however, violated the personal rights of the company’s employees. She added that unrestricted video surveillance constitutes a major encroachment on rights because, theoretically, employee behaviour can be analysed. 

The way some of the cameras were positioned also meant that some footage recorded was of customers, who may have been dwelling in sales areas or testing devices offered.

The online IT retailer has objected to the fine, with its CEO Oliver Hellmold branding it entirely disproportionate. In a statement, he added it bears no relation to the size and financial weight of the company, nor the seriousness of the violation.

NBB claims it began recording the flow of high-quality IT products during the storage, sales and dispatch from 2017, and that this process was in full compliance with GDPR. This would provide a record which can be examined in the event of missing or damaged goods.

Hellmold added that protection authorities declined invitations to attend the workplace and see the use of cameras first-hand, adding had they done so, they wouldn’t have been able to maintain the core allegation. In the company’s view, it’s being set up to be made an example of.

Organisations can expect fines of up to €20 million, or 4% of annual turnover, for the most severe GDPR violations. The penalty against NBB is one of the largest recorded to date, not just in Germany but in wider Europe.

The case bears similarity to that levied against a german wing of the fashion retailer H&M last year, in which the firm was fined €35 million (roughly £31.9 million) for monitoring employees and recording information about their personal lives.

Investigators found in that instance that bosses at a Nuremberg-based operations centre conducted ‘welcome back’ interviews with employees returning from annual leave or sickness. Through these meetings, details about their whereabouts, family lives and even health status were recorded and discussed behind their backs.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Ubiquiti insider says the company downplayed the severity of a major breach
data breaches

Ubiquiti insider says the company downplayed the severity of a major breach

31 Mar 2021
Forex broker FBS leaves millions of customer records exposed
data breaches

Forex broker FBS leaves millions of customer records exposed

25 Mar 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
NSA uncovers new "critical" flaws in Microsoft Exchange Server
servers

NSA uncovers new "critical" flaws in Microsoft Exchange Server

14 Apr 2021