IT retailer faces €10.4m GDPR fine for employee surveillance

The German notebook seller has hit back, rejecting the fine and claiming it's being set up to be made an example of

Regulators have imposed a fine of €10.4 million (roughly £9.3 million) on notebook retailer AG (NBB) after it was found to have conducted intrusive video surveillance against its employees.

The firm monitored its employees for at least two years without a legal basis, violating the principles of GDPR, with illegal cameras set up in workplaces, salesrooms, warehouses and other common areas. 

Filming wasn’t limited to a specific period nor specific employees under suspicion, and footage was often saved for 60 days, which was deemed significantly longer than necessary by the state commissioner for data protection in Lower Saxony, Barbara Thiel.

In her judgement, Thiel said that video surveillance is only permissible in this way in order to uncover criminal offences if there’s a justified suspicion against specific individuals. The video surveillance operation in this case, however, violated the personal rights of the company’s employees. She added that unrestricted video surveillance constitutes a major encroachment on rights because, theoretically, employee behaviour can be analysed. 

The way some of the cameras were positioned also meant that some footage recorded was of customers, who may have been dwelling in sales areas or testing devices offered.

The online IT retailer has objected to the fine, with its CEO Oliver Hellmold branding it entirely disproportionate. In a statement, he added it bears no relation to the size and financial weight of the company, nor the seriousness of the violation.

NBB claims it began recording the flow of high-quality IT products during the storage, sales and dispatch from 2017, and that this process was in full compliance with GDPR. This would provide a record which can be examined in the event of missing or damaged goods.

Hellmold added that protection authorities declined invitations to attend the workplace and see the use of cameras first-hand, adding had they done so, they wouldn’t have been able to maintain the core allegation. In the company’s view, it’s being set up to be made an example of.

Organisations can expect fines of up to €20 million, or 4% of annual turnover, for the most severe GDPR violations. The penalty against NBB is one of the largest recorded to date, not just in Germany but in wider Europe.

The case bears similarity to that levied against a german wing of the fashion retailer H&M last year, in which the firm was fined €35 million (roughly £31.9 million) for monitoring employees and recording information about their personal lives.

Investigators found in that instance that bosses at a Nuremberg-based operations centre conducted ‘welcome back’ interviews with employees returning from annual leave or sickness. Through these meetings, details about their whereabouts, family lives and even health status were recorded and discussed behind their backs.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Most Popular

The benefits of workload optimisation

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
IT Pro Panel: Why IT leaders need soft skills
professional development

IT Pro Panel: Why IT leaders need soft skills

26 Jul 2021