$41 million USD fine to H&M for breaching GDPR and spying on the personal lives of 126,000 employees worldwide

A subsidiary of Hennes & Mauritz (H&M), one of the world’s largest clothing retailers, has received an unusual fine for breaching the provisions of the European Union General Data Protection Regulation (GDPR).

The Hamburg Data Protection Authority (HMBBFDI) decided to fine the company 35.2 million euros for the “excessive use” of the data of its more than 126,000 employees worldwide. This is the highest fine that has been imposed on a company for mishandling employee data.

After a data leak caused by a failure in the implementation of H&M’s online storage, HMBBFDI opened an investigation, which found that the company stored large amounts of confidential information from its users, including information extracted from their social networks, medical records and financial details, among other data.

It appears that this information was also collected during conversations between employees and supervisors in the company’s stores and even during the welcome talks held after the period of social estating. As a result, the authority determined that H&M violated the human rights of its employees.

A spokesman for the company publicly apologized to employees and announced financial compensation for all those affected. The incident was revealed at a particularly difficult time for the company, which has announced the closure of more than 250 stores worldwide, to be completed in 2021.

The firm currently has about 5,000 stores worldwide, although nearly 200 remain closed as part of measures to combat coronavirus. The increase in online shopping also seems to have contributed to the company’s decision to close some branches.