Date: 2020-10-02

Hard blow for H&M. The Swedish clothing giant has just been hit with a record fine of more than 35.2 million euros in Germany. The reason for this sanction: the mass collection and storage of personal data from employees of the company between 2014 and 2019, reports Courrier International.

A case from 2014

Since at least 2014, the management of the H&M store in Nuremberg illegally collected and stored its employees' personal data through a well-oiled system. For example, when an employee was absent, store managers would ask them for their symptoms and medical history, then aggregate these into a file that was used to create individual profiles.

In addition, the brand's managers used informal conversations to gather elements of their employees' private lives, such as religious beliefs or family problems, which they then entered in this file: “Data on health, from urinary leaks to cancer, but also data on the social environment such as family conflicts, deaths or vacation.” The case was finally revealed in 2019, when an investigation was opened into a data breach due to a configuration error.

H&M publicly apologizes to its employees

After the situation came to light, H&M publicly apologized and promised compensation to the hundreds of employees who were victims of this illegal data collection. It has also changed the management at the Nuremberg location and claimed to have deleted all illegally stored data.

The Hamburg data protection authority (the equivalent of the CNIL) fined the clothing brand more than 35.2 million euros. It is a record: the largest amount that Germany has imposed under the European legislation for the protection of private data (GDPR), which came into force in 2018.

H&M thus serves as an example to “dissuade other companies” from indulging in the same practices, according to the Hamburg data protection authority. As a reminder, companies can be fined up to 4% of their turnover for violating GDPR standards. However, in early 2020 a report found that 90% of sites did not yet comply with this legislation. In addition, 101 European companies were challenged for non-compliance with the GDPR in August.