Search

How can we help?

Icon

£32.1m fine for employee surveillance

Following an investigation by the Data Protection Authority of Hamburg, fashion retailer H&M has been fined the equivalent of £32.1m for surveillance illegally monitoring of its employees.

The German data protection watchdog discovered that the company was keeping excessive records on hundreds of employees based in their Nuremburg service centre. This included details of holidays, medical symptoms and diagnoses, family issues and religious beliefs. It has also been alleged that these intimate and highly sensitive details were, in some instances, being used by management to evaluate work performance.

In the last 12 months there have been a string of high-profile fines against companies for breaches of the legislation. Last year, Google was fined by the French data protection regulator for breaching GDPR, Marriot International were fined by our own Information Commissioner’s Office for insufficient data-security systems, and PWC were fined by the Greek data protection authority for unlawful processing of employee data. GDPR is now well into its second year yet many companies continue to give inappropriate weight to data protection and underestimate the significance of the information they process.

In the last 12 months there have been a string of high-profile fines against companies for breaches of the legislation.

The fine should come as a stark warning. Data Protection regulators are becoming more active and aggressive in their stance against data breaches. Head of the HmbBfDI, the German regulator, hopes that the size of the fine will “scare off companies from violating people’s privacy”.

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Author profile

Get in touch

+44 118 958 5321

About this article

  • Subject
    £32.1m fine for employee surveillance
  • Author
  • Expertise
    Employment
  • Published
    07 October 2020

Read, listen and watch our latest insights

art
  • 22 December 2025
  • Corporate and M&A

Corporate law in 2025 and looking forward to 2026

2025 has been a transformative year, with a massive paradigm shift from ‘deregulation’ to ‘transparency and accountability’ at Companies House.
Pub
  • 22 December 2025
  • Privacy and Data Protection

GDPR Packages

Our comprehensive GDPR Packages are designed to help organisations navigate the complexities of data protection and ensure compliance with regulatory requirements.
art
  • 18 December 2025
  • Employment

Employment Law: Looking back at 2025 and what to expect in 2026

2025 has certainly been an interesting year for employment law. While the Employment Rights Bill has pulled much of the focus since it was introduced in October 2024, there have been other important updates this year as well.
art
  • 18 December 2025
  • Corporate and M&A

Deal Announcement: Clarkslegal’s corporate lawyers advise on the sale of Chatterbox Labs Limited to subsidiary of American tech giant

Clarkslegal’s corporate team, led by Senior Consultant Jon Chapman and supported by Senior Solicitor Emma Docking, advised the founders of Chatterbox Labs Limited on the sale of the AI security specialist to Red Hat, Inc., a wholly owned subsidiary of IBM.
art
  • 16 December 2025
  • Employment

Christmas Parties – Festive Fun or a New Year Hangover?

It’s Christmas party season! The office party is often a mixed blessing – an opportunity to boost morale and perhaps celebrate a successful year yet also a melting pot of workers letting their hair down, with potential for accidents, injuries, threats and claims.
art
  • 10 December 2025
  • Privacy and Data Protection

The 12 Data Protection Mistakes of Christmas

As the festive season approaches, it is not just last-minute shopping and office parties that can catch organisations off guard; data protection slip-ups are just as common.
See More