German laptop retailer fined €10.4m under GDPR for video-monitoring employees

German data regulator LfD announced a €10.4M fine under GDPR against the online laptop and electronic goods retailer NBB for video-monitoring employees.

The State Commissioner for Data Protection (LfD) Lower Saxony announced a €10.4 million fine under the GDPR against an online laptop and electronic goods retailer NBB’s (notebooksbilliger.de) for video-monitoring employees for at least a couple of years. This fine is the highest the German authority has set so far.

“The State Commissioner for Data Protection (LfD) Lower Saxony has imposed a fine of 10.4 million euros on notebooksbilliger.de AG.” states the LfD. “The company had video-monitored its employees for at least two years without any legal basis.” states the LfD.”The illegal cameras recorded workplaces, sales rooms, warehouses and common areas, among other things.”

“The State Commissioner for Data Protection (LfD) Lower Saxony said NBB’s (notebooksbilliger.de) constant surveillance was “inadmissible” under the General Data Protection Regulation (GDPR).” reported ComplianceWeek.

NBB was disappointed by the decision and defined the fine as “inadmissible,” it claimed that the video cameras were installed to prevent and investigate criminal offenses and to track the flow of goods in the warehouses. 

“The fine is completely disproportionate. It bears no relation to the size and financial strength of the company or to the seriousness of the alleged violation,” CEO Oliver Hellmold said (original statement, translated statement), “We consider the decision to be unlawful and demand that it be repealed.”

The data regulator pointed out that to prevent theft, a company must first put in place minor measures, such as random bag checks. Video surveillance to uncover criminal offenses is only lawful if there is justified suspicion against certain employees. In any case, the companies can use the camera to monitor the suspects for a limited period of time. This is not the case of the NBB because the video surveillance was in place for a long time, and the recordings were saved for 60 days in many cases, which is significantly longer than necessary.

“We are dealing with a serious case of video surveillance in the company,” said Barbara Thiel, head for LfD Lower Saxony. “Companies must understand that with such intensive video surveillance they are massively violating the rights of their employees.”

The LfD remarks that permanent and intensive video surveillance violates the rights of the employee and put them under pressure.

“Customers of notebooksbilliger.de were also affected by the inadmissible video surveillance, as some cameras were aimed at seating in the sales area. In areas in which people typically stay longer, for example to extensively test the devices offered, those affected by data protection law have high interests worthy of protection.” continues the German data authority. “This is especially true for seating areas that are obviously intended to invite you to linger for a longer period of time. Therefore, the video surveillance by notebooksbilliger.de was not proportionate in these cases.”

The German privacy watchdog also fined the clothing retailer H&M €35.3 million because it was allegedly spying on its customer service representatives in Germany.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, GDPR)

[adrotate banner=”5″]

[adrotate banner=”13″]