IT retailer faces €10.4m GDPR fine for employee surveillance

The German notebook seller has hit back, rejecting the fine and claiming it's being set up to be made an example of

Regulators have imposed a fine of €10.4 million (roughly £9.3 million) on notebook retailer AG (NBB) after it was found to have conducted intrusive video surveillance against its employees.

The firm monitored its employees for at least two years without a legal basis, violating the principles of GDPR, with illegal cameras set up in workplaces, salesrooms, warehouses and other common areas. 

Filming wasn’t limited to a specific period nor specific employees under suspicion, and footage was often saved for 60 days, which was deemed significantly longer than necessary by the state commissioner for data protection in Lower Saxony, Barbara Thiel.

In her judgement, Thiel said that video surveillance is only permissible in this way in order to uncover criminal offences if there’s a justified suspicion against specific individuals. The video surveillance operation in this case, however, violated the personal rights of the company’s employees. She added that unrestricted video surveillance constitutes a major encroachment on rights because, theoretically, employee behaviour can be analysed. 

The way some of the cameras were positioned also meant that some footage recorded was of customers, who may have been dwelling in sales areas or testing devices offered.

The online IT retailer has objected to the fine, with its CEO Oliver Hellmold branding it entirely disproportionate. In a statement, he added it bears no relation to the size and financial weight of the company, nor the seriousness of the violation.

NBB claims it began recording the flow of high-quality IT products during the storage, sales and dispatch from 2017, and that this process was in full compliance with GDPR. This would provide a record which can be examined in the event of missing or damaged goods.

Hellmold added that protection authorities declined invitations to attend the workplace and see the use of cameras first-hand, adding had they done so, they wouldn’t have been able to maintain the core allegation. In the company’s view, it’s being set up to be made an example of.

Organisations can expect fines of up to €20 million, or 4% of annual turnover, for the most severe GDPR violations. The penalty against NBB is one of the largest recorded to date, not just in Germany but in wider Europe.

The case bears similarity to that levied against a german wing of the fashion retailer H&M last year, in which the firm was fined €35 million (roughly £31.9 million) for monitoring employees and recording information about their personal lives.

Investigators found in that instance that bosses at a Nuremberg-based operations centre conducted ‘welcome back’ interviews with employees returning from annual leave or sickness. Through these meetings, details about their whereabouts, family lives and even health status were recorded and discussed behind their backs.

Featured Resources

2021 Thales access management index: Global edition

The challenges of trusted access in a cloud-first world

Free download

Transforming higher education for the digital era

The future is yours

Free download

Building a cloud-native, hybrid-multi cloud infrastructure

Get ready for hybrid-multi cloud databases, AI, and machine learning workloads

Free download

The next biggest shopping destination is the cloud

Know why retail businesses must move to the cloud

Free Download

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Supply chain breaches impacted 97% of firms in the past year
supply chain management (SCM)

Supply chain breaches impacted 97% of firms in the past year

12 Oct 2021