The Hamburg Commissioner for Data Protection and Freedom of Information Has Issued a 35.3 Million Euro Fine to Hennes and Mauritz
The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has issued a fine of 35,258,707.95 euros to H&M Hennes & Mauritz Online Shop A.B. & Co KG. The company is registered in Hamburg and operates a service center in Nuremberg.
Since 2014, H&M team leaders had been conducting talks with their staff after they came back from annual or sick leave. In addition, some supervisors acquired a broad knowledge of their employees' private lives through personal and floor talks, ranging from rather harmless details to family issues and religious beliefs. They obtained personal and intimate information about employees, such as vacation details, diagnoses and illnesses. The team leaders recorded this information about the staff on a network drive available to about 50 other managers throughout the company. The purpose of collecting such information was to build a detailed profile of employees for use in performance and employment decisions.
The data collection came to light when the data became accessible company-wide for several hours in October 2019 due to a configuration error.
The HmbBfDI was presented with a comprehensive concept for how data protection is to be implemented at the Nuremberg service center from now on. In order to come to terms with the past events, the company management has not only expressly apologized to those affected but has also followed the suggestion to pay the employees considerable compensation.
The press release can be accessed here.