Did H&M spy on its German employees? Privacy watchdog opens an investigation

A German privacy watchdog is investigating into clothing retailer H&M because it was allegedly spying on its customer service representatives in Germany.

Hamburg’s data protection commissioner has launched an investigation into Swedish clothing retailer H&M (Hennes & Mauritz) amid evidence that the company was spying on its customer service representatives in Germany.

According to the German privacy watchdog, a hard drive containing about 60 gigabytes of data revealed that superiors at the site in Nuremberg kept “detailed and systematic” records about employees’ private and sensitive data.

“Hamburg’s data protection commissioner said in a statement Monday that a hard drive containing about 60 gigabytes of data revealed that superiors at the site in Nuremberg kept “detailed and systematic” records about employees’ health, from bladder weakness to cancer, and about their private lives, such as family disputes or holiday experiences.” reads a post published by the Associated Press.

Johannes Caspar, the state data protection officer in Hamburg, said the records demonstrate a massive surveillance activity on employees. The records were accessible to all company managers.

“In fact, there was a massive spying out of the employees at the location in Nuremberg,” said Caspar of the German Press Agency. “This has resulted in a significant evaluation of the reports available to us.”

The situation is very severe for H&M that in response said in a statement that it takes the case “very seriously” and expressed its “honest regret” to the affected staff.

“The qualitative and quantitative extent of the employee data accessible to the entire management level of the company shows a comprehensive research of the employees, which has not been comparable in the past few years,” added Caspar. “It is also health data of those affected, from bladder weakness to cancer, as well as data from people in their social environment, such as family disputes, deaths or holiday experiences.”

The company said that it is offering full cooperation with data protection officials, it also added that its managers had already taken urgent measures in response to the incident.

In the coming weeks, the data protection officer would decide the fines for this case. Let’s remind that according to EU GDPR law, H&M could face a fine of four percent of global annual sales.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – H&M, privacy)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.