European privacy regulators are scrutinizing how employers collect workers’ personal data and dishing out multimillion-dollar fines for violations.
German electronics retailer notebooksbilliger.de is the latest company to be targeted. The seller of laptops, phones and other electronics online and in bricks-and-mortar shops was fined 10.4 million euros, equivalent to $12.6 million, for using video surveillance cameras to monitor employees, the data protection regulator in the German state of Lower Saxony said this month.
The case reflects European authorities’ growing interest in employers’ use of technology to monitor employees. In October, a different German regulator fined fashion retailer Hennes & Mauritz AB €35.3 million ($41 million) for collecting personal data from employees, including details about their health and religion, and making them available to managers at a German H&M service center over at least five years. Regulators say they have received more complaints about workplace privacy violations in recent years. Worker surveillance appears to be increasing as employers in the U.S. and Europe use technologies to monitor remote workers during the pandemic, privacy and employment experts say.
Notebooksbilliger.de violated the 2018 General Data Protection Regulation, the privacy law in the European Union’s 27 countries, because video surveillance was unnecessary to monitor employees, Barbara Thiel, the Lower Saxony privacy regulator said in an email. “Employees are entitled to perform their professional activities without being subject to permanent surveillance,” Ms. Thiel said.
Companies using video surveillance must justify why it is necessary to avoid violating the GDPR, and that can be tricky for employers. In most cases, an employee expects not to be monitored, the umbrella group of EU data protection regulators said in guidelines on video surveillance published last year.
The electronics retailer said it is appealing the fine and that it is standard for shipping and logistics companies to use cameras to track how goods are stored and sold, and whether they are damaged or go missing. The company said it didn’t use cameras to monitor employee performance. “The fine is completely disproportionate,” Chief Executive Oliver Hellmold said.
European regulators have indicated they are paying closer attention to worker surveillance violations. The Danish privacy authority issued guidelines last month outlining how employers should handle data of current and former workers, as well as those they are recruiting, and the French regulator in November published responses to common questions about how employers should handle privacy issues while employees work remotely. One crucial rule: Employees can’t be under constant surveillance through the use of video cameras or key logger technologies that capture everything they type, the French regulator said.
Last month, the Albanian data protection regulator recommended that French firm Teleperformance SE, which operates customer and technical support services, stop using webcams to monitor employees working from home. Teleperformance and the Albanian regulator didn’t respond to requests for comment.
“ A lot of people put in place technology to monitor data that they potentially don’t understand. ”
In the U.S., there are few legal restrictions preventing such surveillance as long as employees are using a company device or working on a corporate network, said Darrell M. West, vice president and director of governance studies at the Brookings Institution. The risk of employee surveillance is increasing as people work remotely and the line between work and personal life blurs for many employees, who may use corporate devices for private conversations, he said.
Tools to monitor employees’ email and their activity on social media and in online collaboration tools are common and easy to use, Mr. West said. Many companies are especially interested in keeping tabs on how productive people are while working remotely during the coronavirus pandemic, and use technologies to track their activity or how long it takes them to complete tasks.
“A lot of companies are moving in this direction,” he said.
Employers’ surveillance of workers is common in service sectors and especially in warehouses, said Oliver Roethig, regional secretary for Europe at UNI Europa, the European service workers union.
Regulators in Europe need to clarify how companies can use certain technologies as they evolve, such as artificial intelligence, Mr. Roethig said. For example, surveillance could be combined with algorithms to try to predict employee behavior, including taking steps to join a labor union, and inform decisions about how to treat those people, he said.
Many companies make missteps when they start using new technology because they are unaware of legal risks, and senior executives may not know the tool was implemented, said Stefan Martin, a partner in the London office of law firm Hogan Lovells. Managers commonly aren’t aware of particularly risky tools that their company is using, such as technology to monitor employee behavior on corporate computers or a facial-recognition tool that could discriminate against certain groups, he added.
“A lot of people put in place technology to monitor data that they potentially don’t understand,” he said.
Write to Catherine Stupp at [email protected]