Swedish fashion brand H&M has been fined more than €35m for the illegal surveillance of hundreds of employees.
The beauty and fashion retailer had kept ‘extensive’ records of its staff at its Nuremberg, Germany service centre.
The privacy violations, uncovered by the Data Protection Authority of Hamburg, included extensive staff surveys, with details of sick leave, holidays, medical symptoms and diagnosis for illnesses.
The authority noted that supervisors also acquired knowledge of employees’ private lives through personal ‘floor talks’ and obtained information about family issues and religions.
In a press statement, the protection group said: “The combination of collecting details about their (employees’) private lives and the recording of their activities led to a particularly intensive encroachment of employees’ civil rights.”
Hamburg's Commissioner for Data Protection and Freedom of Information, Johannes Caspar, added: “This case documents a serious disregard for employee data protection at the H&M site in Nuremberg.
“The amount of the fine imposed is therefore adequate and effective to deter companies from violating the privacy of their employees.”
Meanwhile, H&M said it had responded “immediately” to the incident and that it began making “several improvements” at its Nuremberg centre.
“A comprehensive action plan has been launched to improve the internal auditing practices to ensure data privacy compliance, strengthen leadership knowledge to assure a safe and compliant work environment and continue to train and educate both staff and leaders in this area.”
The retailer also emphasised its commitment to GDPR compliance.