Read the text below.
H&M Germany was fined millions of dollars for violating its employees’ data privacy.
The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) reported that managers at H&M’s customer service center in Nuremberg have been keeping notes on employees’ personal information since 2014. Some pieces of information include employees’ vacations, illnesses, religious beliefs, and family issues. The data was gathered from office meetings and one-on-one conversations. Managers used the data to evaluate employees’ performance.
Originally, the personal information collected was only accessible to about 50 managers, but a technical issue caused the data to be available to the entire company for a few hours in October last year. The incident alerted the watchdog to H&M’s illegal practices, which resulted in a hefty fine of over $41 million.
According to Commissioner Johannes Casper, H&M showed a complete disregard for its workers’ data privacy and a grave violation of the General Data Protection Regulation (GDPR), a law that requires businesses to protect the personal information of European Union citizens. He believes the fine is fair and appropriate to deter other companies from violating their employees’ rights.
In a press release, H&M took full responsibility for the incident and apologized to the Nuremberg customer service center employees. The company will review the HmbBfDI’s decision and make amends by paying anyone who worked at the customer service center after May 2018 for at least one month. H&M has also taken action to protect employees’ personal information by replacing the center’s management and conducting additional data privacy and labor law training for its leaders.