News

🚨 Workplace Surveillance: HR Practices Too Intrusive Sanctioned
📦 From Scanners to Cameras: When Performance Oversteps Privacy Rights

Source: SAN 2023-021

💼 An e-commerce company has been called out for its management of data from scanners used by employees in its warehouses.

🔍 Violations Identified

1️⃣ 📊 Excessive Data Collection (Art. 5.1.c of the GDPR)
➡️ Data too detailed on employee productivity, stored over a month, when weekly data would suffice.
➡️ Use for planning or training = disproportionate.

2️⃣ 🚫 Illicit Processing of Certain Indicators (Art. 6 of the GDPR)
🔻 Stow Machine Gun: Flags an error if an employee scans too quickly
🔻 Idle Time: Flags any pause of 10 minutes or more
🔻 Latency Time < 10 min: Flags interruptions between 1 and 10 minutes
👉 Result: Constant and unjustified surveillance.

3️⃣ 👁️‍🗨️ Non-compliant Video Surveillance
➡️ Display: Incomplete information on surveillance systems
➡️ Access to software was inadequately secured (weak password + shared account)

4️⃣ 📅 Intrusive HR Planning & Evaluation
➡️ Ultra-precise monitoring of performance when weekly statistics would suffice for planning and evaluation.

5️⃣ 🔔 Lack of Information (Art. 12 & 13 of the GDPR)
➡️ Temporary workers and visitors were not properly informed about the data processing (scanners & video surveillance).

⚠️ Sanction:
€32 million fine

⚠️ Takeaways:

👉 Minimizing data is not optional.
👉 Clear communication with affected individuals is mandatory.
👉 Performance does not justify everything.

💡 The GDPR regulates workplace surveillance to prevent abuses. A good organization must balance efficiency and respect for fundamental rights.