Search

How can we help?

Icon

£32.1m fine for employee surveillance

Following an investigation by the Data Protection Authority of Hamburg, fashion retailer H&M has been fined the equivalent of £32.1m for surveillance illegally monitoring of its employees.

The German data protection watchdog discovered that the company was keeping excessive records on hundreds of employees based in their Nuremburg service centre. This included details of holidays, medical symptoms and diagnoses, family issues and religious beliefs. It has also been alleged that these intimate and highly sensitive details were, in some instances, being used by management to evaluate work performance.

In the last 12 months there have been a string of high-profile fines against companies for breaches of the legislation. Last year, Google was fined by the French data protection regulator for breaching GDPR, Marriot International were fined by our own Information Commissioner’s Office for insufficient data-security systems, and PWC were fined by the Greek data protection authority for unlawful processing of employee data. GDPR is now well into its second year yet many companies continue to give inappropriate weight to data protection and underestimate the significance of the information they process.

In the last 12 months there have been a string of high-profile fines against companies for breaches of the legislation.

The fine should come as a stark warning. Data Protection regulators are becoming more active and aggressive in their stance against data breaches. Head of the HmbBfDI, the German regulator, hopes that the size of the fine will “scare off companies from violating people’s privacy”.

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Author profile

About this article

Read, listen and watch our latest insights

Pub
  • 09 July 2026
  • Litigation and dispute resolution

The Arbitration Act 2025 – Factsheet

This factsheet outlines the major reforms and key developments introduced by the Arbitration Act 2025, including updates on summary disposal, jurisdictional challenges, emergency arbitrators, arbitrator disclosure duties, and governing law in arbitration proceedings.

art
  • 09 July 2026
  • Immigration

Right to Work Checks are changing from 1 October 2026: Is your business ready?

The Home Office’s new rules, effective 1 October 2026, will overhaul right to work checks and raise the risk of civil penalties for UK businesses.

art
  • 08 July 2026
  • Privacy and Data Protection

ICO prosecutes employee under the Data Protection Act for forwarding client data to his personal email address

The issue of employees taking confidential business information or personal data when moving to a new employer remains a significant concern for businesses.

Pub
  • 07 July 2026
  • Litigation and dispute resolution

Accelerating arbitration: Expedited procedures and key changes in the new ICC Rules – Episode 2

In episode 2, Jack Hobbs (Clarkslegal) and Christopher Howitt (Three Stone) explore how the latest expedited and highly expedited procedures under the ICC Arbitration Rules 2026 are transforming the landscape of dispute resolution.

art
  • 07 July 2026
  • Employment

6 month unfair dismissal rights: What employers need to know

Under the new Employment Rights Act 2025 the minimum period of service required to qualify to bring a statutory claim for unfair dismissal has been reduced from 2 full years to 6 months from 1 January 2027 onwards.  

art
  • 02 July 2026
  • Litigation and dispute resolution

Litigation and Artificial Intelligence: Where are we now?

In the recent case of Cork and another v Smith, the High Court publicly admonished a law firm and two of its solicitors after they had produced and submitted two AI-generated letters to the court containing misleading and false information in relation to a block transfer application made under Rule 12.37 of the Insolvency (England and Wales) Rules 2016.