H&M fined EUR35 million in Germany for GDPR breach after storing “extensive” employee data

On 2 October 2020, H&M received a fine of EUR35 million for monitoring and recording “extensive details” about hundreds of its employees in Nuremberg, in breach of the General Data Protection Regulation (GDPR). The Hamburg Commission for Data Protection and the Freedom of Information revealed that the information included details of absences for vacations and sick leave, symptoms of illness and diagnoses, family issues and religious beliefs.

The Commission found that up to 50 managers could read the data and that it was used to “obtain a detailed profile of employees for measures and decisions regarding their employment”.

H&M also agreed to pay out compensation to employees who worked at the Nuremberg site for at least a month since May 2018.