[HN Gopher] German laptop retailer fined $12.7M under GDPR for e...
___________________________________________________________________
German laptop retailer fined $12.7M under GDPR for employee
surveillance
Author : giuliomagnifico
Score : 84 points
Date : 2021-01-17 18:46 UTC (4 hours ago)
(HTM) web link (www.complianceweek.com)
(TXT) w3m dump (www.complianceweek.com)
| fersarr wrote:
| can offices have cameras then, or is a warehouse somehow
| different? because they seem to be all over the place in most
| companies
| IfOnlyYouKnew wrote:
| No, office cannot have cameras (in Germany).
|
| The legal framework is rather easy (and hasn't changed with
| GDPR, as far as I can tell): video surveillance is generally
| illegal. There are specific circumstances where it is legal,
| and those tend to require two things:
|
| - there needs to be some "risk" that is higher than usual, and
| where video surveillance can make a difference.
|
| - it's _extremely_ hard to justify surveillance of spaces where
| people regularly spend long amounts of time, such as their
| workplace.
|
| Generic offices fail both tests: what, exactly, are you looking
| for? Stapler thefts? And, at the same time, the intrusion is
| rather is far more significant than, say, a public transit
| station that you pass through.
| kamyarg wrote:
| I see a lot of mentions of GDPR in the comments, but the fact is
| that the sensitivity of personal information is an older
| mindset(not only a law) in Germany.
|
| It is called "Datenschutz", and you see people proactively
| adhering to it, needed some time to getting used to it but after
| that was amazing to see how much they value their and your
| privacy.
|
| See https://de.wikipedia.org/wiki/Datenschutz for more
| information about the history.
| benjohnson wrote:
| While the US doesn't have GDPR - there's some lessons to learn:
| it's not nice to put people under the microscope all day long.
|
| We're trying to strike a reasonable ballance:
|
| For our business we have an inventory room that is under full and
| complete survalence - but the rest of the office has none.
| olieidel wrote:
| Having stricter data privacy regulation in the EU is good.
|
| But I'm getting the impression that the authorities prefer to
| look into local companies where "easy wins" can be had - like in
| this article.
|
| Let's get this straight: I think the video surveillance here was
| not okay.
|
| But - shouldn't the authorities rather pursue things which matter
| more, i.e. maximising the impact of (number of humans affected *
| magnitude of effect)? The WhatsApp <> Facebook data sharing
| situation comes to mind. Or the recent change of their privacy
| policy.
|
| There's lots more. I feel that big (SV) tech companies have much
| more leeway than local companies, simply because their
| probability of being fined is lower.
| TeMPOraL wrote:
| At least in case of Germany, the article presents their
| approach:
|
| "Germany's federal and regional data protection authorities
| have been keen to focus on steering organizations away from
| "common" privacy violations under the GDPR--such as video
| monitoring, cold-calling, etc.--rather than pursuing record
| fines. Regulators feel such an approach creates a greater
| understanding of what privacy means and how the GDPR impacts
| people and work on a day-to-day basis."
|
| I imagine similar thinking applies in other EU countries.
| Though I sure wish they'd deal with the telemarketers and
| websites with GDPR-non-compliant GDPR forms already!
| detaro wrote:
| And on every headline about an SV company being investigated
| there are complaints that they are unfairly targeting them and
| not do enough about local companies.
|
| Big companies are investigated, but a) for more nebulous cases
| the processes take longer, b) rules to avoid parallel
| investigations in many places also apply to the tech companies,
| which takes time for international coordination and somewhat
| restricts local agencies from acting against them (which _is_ a
| bit of a loophole, or at least delays it further - see the
| various Schrems cases against Ireland), c) Whatsapp /Facebook
| have backed off from some things in Europe already due to
| previous investigations and agreements around the aquisition.
|
| Pretty much everyhwere, the privacy agencies are working on
| extremely limited resources, and can not address everything at
| once. (Yes, this is a problem)
| StavrosK wrote:
| I don't think they're not doing both. Also, the probability of
| getting fined might be lower, but when Facebook gets fined it
| won't be for 12.7 million.
| ognarb wrote:
| The problem is that if you only fine the big tech companies,
| the small companies will just don't bother with the GDPR. What
| we need is more people working on GDPR cases.
| wojcikstefan wrote:
| AFAICT the WA <> FB data sharing will not happen to the users
| in the EU.
|
| Source:
| https://www.forbes.com/sites/carlypage/2021/01/08/whatsapp-t...
| says "In a statement given to Forbes, a WhatsApp spokesperson
| confirmed that there will be no changes to WhatsApp's data-
| sharing practices in Europe and the UK."
| actuator wrote:
| which makes it even worse looking for rest of the world.
|
| If it is indeed not harmful like Facebook is claiming to be
| by pushing WhatsApp status updates, they can choose to do it
| in EU also.
| alisonkisk wrote:
| What do you mean? Laws are different in Europe. "Harm"
| isn't the question, policy is.
| Keyframe wrote:
| I'm not sure I follow/agree on blanket surveillance of a
| workplace... Would this translate to a bank as well? Having a
| recording of an armed robbery or theft during daily count would
| come in handy as probably often does. If that's alright for a
| bank, how's this different?
| IfOnlyYouKnew wrote:
| Banks are high-risk, and video surveillance is longstanding
| practice and generally fine.
|
| BUT I believe it is required to face the customer area (and,
| therefore, film employees mostly from the back). There's also
| usually a "pit"-like work area that's employee-only and I would
| imagine that's out of bounds, as well.
| detaro wrote:
| In the way it's described in the article? yes, that very likely
| wouldn't fly in a bank as well. Banks do have video
| surveillance, but with more restricted terms, e.g. clear
| information which areas are monitored, risk assessments which
| areas justify being monitored, restricted recording (i.e. only
| very short-term storage that needs human intervention to be
| preserved), processes around when and through whom recordings
| can be accessed at all, ...
| Quanttek wrote:
| > According to the regulator, cameras recorded employees in
| workplaces, salesrooms, warehouses, and common areas. NBB claimed
| the aim was to prevent and investigate criminal offenses and to
| track the flow of goods in the warehouses.
|
| > However, in order to prevent theft, a company must first use
| "milder" methods, such as random bag checks when employees leave
| the premises. Moreover, the LfD said video surveillance is only
| lawful if there is "justified suspicion" against specific
| persons, and even then, video monitoring may only be used for a
| "limited" time.
|
| > The data authority found NBB's video surveillance was neither
| limited to a specific period of time nor to specific employees.
| The recordings were saved for 60 days in many cases. Customers
| were also filmed in seating areas without their knowledge or
| consent.
|
| > The regulator said "the allegedly deterrent effect of video
| surveillance, which is repeatedly put forward, does not justify a
| permanent and unprovoked interference with the personal rights of
| employees" in a translated press release.
|
| > "We are dealing with a serious case of video surveillance in
| the company," said Barbara Thiel, head of LfD Lower Saxony, in a
| translated statement. "Companies must understand that with such
| intensive video surveillance they are massively violating the
| rights of their employees."
|
| > Thiel added video surveillance is "a particularly intensive
| encroachment on personal rights" because it can pressurize
| employees "to behave as inconspicuously as possible in order not
| to be criticized or sanctioned for deviating behavior."
|
| Finally! It always amazes me how computer monitoring and video
| surveillance at the workplace have become so widespread.
|
| Also, the idea of focussing on widespread breaches of the right
| to privacy is a great one. It helps spread a better understanding
| of the meaning of the right to privacy.
| detaro wrote:
| > _Finally!_
|
| This isn't exactly a new legal situation in Germany at least.
| (Which obviously doesn't mean companies don't try, otherwise we
| wouldn't have headlines like this...)
| A4ET8a8uTh0 wrote:
| Yep. WW2 legacy resulted in two major additions to the
| foundations of new Germany: spying on citizens is highly
| regulated, freedom of speech does not exist for certain types
| of speech.
| estaseuropano wrote:
| I don't think that's really a WW2 legacy, rather lessons
| from east germany's dictatorship.
| alisonkisk wrote:
| Is the problem is the surveillance or the lack of consent?
|
| Amazon had a problem where they charge employees for the spent
| doing bag searches. If rather be video-recorded (temporarily)
| than wait in a bag searches line.
|
| Also bag-searches seem more invasive than video.
| detaro wrote:
| Consent basically doesn't work as a basis in employment
| situations, because it's almost impossible to argue that an
| employee is guaranteed to not be disadvantaged if they do not
| consent.
| Barrin92 wrote:
| The problem is surveillance. Consent is a meme. People who
| work in warehouses don't get to shop among a dozen different
| employers like software engineers in the valley.
|
| >Also bag-searches seem more invasive than video.
|
| Then don't do either. Or only do some random searches or when
| you're suspecting someone of having stolen something.
| Treating employees like thieves by default is nuts. We don't
| accept petty theft as a justification for mass surveillance
| outside the workplace so we shouldn't accept it inside the
| workplace either.
| [deleted]
| sneak wrote:
| I don't understand how someone putting non-hidden video cameras
| in their own private building is breaching anyone's right to
| privacy.
|
| Entering the building is optional, even if you work there.
| t0astbread wrote:
| Entering the warehouse is optional for a warehouse worker?
| GrantZvolsky wrote:
| Having grown up in an area with an abundance of crime I prefer
| to live with the surveillance of public spaces. I'd wager that
| opinions on surveillance highly correlate with exposure to
| crime.
| IfOnlyYouKnew wrote:
| There's not much evidence that video surveillance is
| effective. If it exists, the effect is small.
|
| Street crime is generally not committed by people accurately
| evaluating their options and making optimal choices with a
| long-term view.
| lrossi wrote:
| I know people who got mugged right under a public
| surveillance camera. They don't help as much as you think.
| [deleted]
| tmpxgdqrcKFuG wrote:
| How would "random" bag checks be milder than video
| surveillance?
|
| - They're typically not going to be watching it 24/7. They'll
| only look at the tapes if something occurs.
|
| - Random bag checks, like in programming, is not really random.
| You either have a particular target or type in mind or you
| apply it to everyone and bag checks are a lot more invasive
| than video surveillance.
| mrtksn wrote:
| They put a device in the exit door that beeps randomly on
| your way out, if the device beeps you get a bag search.
|
| That's how it is random. It's milder because you get in
| trouble only if you have something in your bag that's not
| supposed to be there and since it's random you don't feel
| targeted.
| estaseuropano wrote:
| The issue with video is that you never know who might be
| watching or even how long it is kept or what it is used for.
| It can even be used days/weeks/months later to find evidence
| against an employee, say to nit-pick scenes and use them
| against the employee (e.g. to fire someone). This also offers
| a huge asymmetry as of course the employee themselves have no
| acces to the video.
| levosmetalo wrote:
| > How would "random" bag checks be milder than video
| surveillance? > > - They're typically not going to be
| watching it 24/7. They'll only look at the tapes if something
| occurs.
|
| And they can claim they didn't watch it at all? Total
| surveillance without specific reason and without information
| and consent is exactly what the law is trying to prevent.
|
| > - Random bag checks, like in programming, is not really
| random. You either have a particular target or type in mind
| or you apply it to everyone and bag checks are a lot more
| invasive than video surveillance.
|
| And that's the whole point. If there's a reasonable suspicion
| that someone stole something, they can ask to check the bag.
| The Person has the right to refuse that his bag be checked by
| company employees and ask to involve the police.
___________________________________________________________________
(page generated 2021-01-17 23:00 UTC)