IT retailer faces €10.4m GDPR fine for employee surveillance

The German notebook seller has hit back, rejecting the fine and claiming it's being set up to be made an example of

Graphic of a gigantic and sinister CCTV camera observing anonymous people in a crowd

Regulators have imposed a fine of €10.4 million (roughly £9.3 million) on notebook retailer notebooksbilliger.de AG (NBB) after it was found to have conducted intrusive video surveillance against its employees.

The firm monitored its employees for at least two years without a legal basis, violating the principles of GDPR, with illegal cameras set up in workplaces, salesrooms, warehouses and other common areas. 

Filming wasn’t limited to a specific period nor specific employees under suspicion, and footage was often saved for 60 days, which was deemed significantly longer than necessary by the state commissioner for data protection in Lower Saxony, Barbara Thiel.

In her judgement, Thiel said that video surveillance is only permissible in this way in order to uncover criminal offences if there’s a justified suspicion against specific individuals. The video surveillance operation in this case, however, violated the personal rights of the company’s employees. She added that unrestricted video surveillance constitutes a major encroachment on rights because, theoretically, employee behaviour can be analysed. 

The way some of the cameras were positioned also meant that some footage recorded was of customers, who may have been dwelling in sales areas or testing devices offered.

The online IT retailer has objected to the fine, with its CEO Oliver Hellmold branding it entirely disproportionate. In a statement, he added it bears no relation to the size and financial weight of the company, nor the seriousness of the violation.

NBB claims it began recording the flow of high-quality IT products during the storage, sales and dispatch from 2017, and that this process was in full compliance with GDPR. This would provide a record which can be examined in the event of missing or damaged goods.

Hellmold added that protection authorities declined invitations to attend the workplace and see the use of cameras first-hand, adding had they done so, they wouldn’t have been able to maintain the core allegation. In the company’s view, it’s being set up to be made an example of.

Organisations can expect fines of up to €20 million, or 4% of annual turnover, for the most severe GDPR violations. The penalty against NBB is one of the largest recorded to date, not just in Germany but in wider Europe.

The case bears similarity to that levied against a german wing of the fashion retailer H&M last year, in which the firm was fined €35 million (roughly £31.9 million) for monitoring employees and recording information about their personal lives.

Investigators found in that instance that bosses at a Nuremberg-based operations centre conducted ‘welcome back’ interviews with employees returning from annual leave or sickness. Through these meetings, details about their whereabouts, family lives and even health status were recorded and discussed behind their backs.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

Senator reintroduces federal data protection bill
data protection

Senator reintroduces federal data protection bill

17 Jun 2021
CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021
Researchers send “unhackable” quantum data over 370-mile optical fiber
data protection

Researchers send “unhackable” quantum data over 370-mile optical fiber

11 Jun 2021
New study shows global privacy investments increasing
data protection

New study shows global privacy investments increasing

2 Jun 2021

Most Popular

Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021
OnePlus 9 Pro review: An instant cult classic
Hardware

OnePlus 9 Pro review: An instant cult classic

7 Jun 2021