The National Center for Personal Data Protection (NCPDP), for information and application purposes, communicates about the company Notebooksbilliger.de AG, which deals with video surveillance of potential thieves. The company was fined with EUR10.4 million by State Commissioner for Data Protection in Lower Saxony, Barbara Thiel. The economic entity monitor its employees for at least two years with no legal justification. The video cameras were installed in the workspaces, sales floors, warehouses and staff rooms.
According to the company the video cameras had been installed to prevent and investigate criminal offences and to track the flow of goods in warehouses. At the same time, many of the recordings were stored for more than 60 days, contrary to the law.
“This is a serious case of workplace surveillance. Companies have to understand that such intensive video surveillance is a major violation of their employees’ rights. Employees do not have to sacrifice their personal rights just because their employer puts them under general suspicion. According to the case law of the Federal Labour Court, this can put staff under pressure to act as inconspicuously as possible to avoid being criticised or sanctioned for their behaviour”, explained Barbara Thiel.
The customers of notebooksbilliger.de were also affected by the illegal video surveillance, because some cameras were directed at seating on the sales floor.
The fine of EUR 10.4 million is the highest penalty that has ever been imposed by the State Commissioner for Data Protection in Lower Saxony under the General Data Protection Regulation (GDPR). The GDPR enables supervisory authorities to impose fines of up to 20 million euros – or up to 4% of a company’s total annual turnover worldwide.
The NCPDP, as national supervisory authority for personal data processing, emphasizes the responsibility of personal data controllers to comply with the provisions of legal framework on personal data protection and to ensure that personal data processing operations are in accordance with the legislation in force.
At the same time, NCPDP warns about the non-disclosure and prohibition of personal data processing by third parties. The data cover different areas of activity, and their non-compliant processing can have negative consequences.