H&M Management Collect Detailed Personal Information on Employees

From Privacy Wiki
Jump to navigation Jump to search
H&M Management Collect Detailed Personal Information on Employees
Short Title H&M Management Personnel and Team Leaders Collected Detailed Private Information on Employees Through Informal Conversations
Location Germany
Date 2019

Taxonomy Interrogation, Exclusion
Information Identifying, Behavioral, Social Network, Family, Communication, Preference, Knowledge and Belief
Threat Actors H&M management personnel and team leaders

Affected H&M employees
High Risk Groups Employees
Secondary Consequences Employment, Changed Behavior

In Germany, H&M personnel management and team leaders have been found systematically and secretly recording detailed personal information on employees.


In 2019 in Germany H&M call center was found to be collecting large amounts of personal information on their employees. This included details on relationships among employees, with which partner they had spent the night, where marriage problems existed or where a divorce was imminent. Similarly, conflicts within the family or deaths of family members or friends were added to the list. And it was recorded whether employee’s vacations had been restful or perhaps rather stressful due to personal problems. Individual-related files contained, for instance, information regarding diseases of employees or family members including the progression of the disease.

This can be seen as an example of Interrogation. Superiors were establishing a friendly atmosphere for dialogue in order to pry out private and very personal information, then put this information in writing structured to management needs, and store it. All this sensitive information was compiled by team leaders and other superiors from informal chats, during breaks, but also from “welcome back” talks, for example after a vacation.

The employees were at no time informed that private information would be specifically queried and then incorporated into centralised files. This is an example of Exclusion.

A number of employees have resigned, because the personal working conditions have deteriorated since the spying became public. They were especially angry about a compensation payment of 2500 € per person, which the team leaders who conducted the spying would also receive.

In October 2020 the German subsidiary of H&M has received a €35,258,707.95 fine from the Hamburg Data Protection Authority for violating the EU General Data Protection Regulation (GDPR). At the moment of the fine it was the largest ever fine under the GDPR for a violation concerning data use.


Threat: Company management probing employees for personal information through informal conversations and internal chats
At-Risk group: H&M employees
Harm: Interrogation
Secondary Consequences: Lost opportunity: Employment; Change of Behavior

Threat:Company management collecting and storing sensitive private information about employees without asking or informing them
At-Risk group: H&M employees
Harm: Exclusion
Secondary Consequences: Lost opportunity: Employment; Change of Behavior

Risk Statistics

Laws and Regulations

General Data Protection Regulation (GDPR)