Shorter Reads

Ikea fined €1 million for illegal staff surveillance

The French branch of Ingka Group, which owns various international Ikea stores, has been ordered to pay a fine of €1 million after a Versailles court held that it had unlawfully processed its employees’ personal data.

1 minute read

Published 16 June 2021

Authors

Share

Key information

  • Specialisms
  • Business
  • Services
  • Data Protection

It was reported yesterday that the French branch of Ingka Group, which owns various international Ikea stores, has been ordered to pay a fine of €1 million after a Versailles court held that it had unlawfully processed its employees’ personal data. Ikea had been accused of subjecting its employees to illegal surveillance, including trying to catch an employee who had claimed unemployment benefits despite driving a Porsche.

Even though the case concerns Ikea’s practices between 2009 and 2012, the issues it raises are particularly timely. The rise in home working during the current pandemic has led to many employers becoming increasingly interested in deploying some form of staff surveillance in order to monitor productivity levels.

Those organisations that do intend on introducing monitoring ensures will need to ensure that their staff’s personal data is handled in a lawful, fair, and transparent way under the General Protection Regulation (GDPR). This will mean identifying a lawful basis on which to collect and continue to process the relevant personal data and communicating the details of this to the relevant staff. Many employers will opt to rely on their ‘legitimate interests’ as a lawful basis, but it is important to remember that these specific legitimate interests will need to be explicitly stated in an updated privacy notice circulated to staff. They will also need to be balanced against employees’ individual rights and freedoms by way of a data protection impact assessment. This is a process used to assess whether the proposed form of monitoring is necessary and proportionate, taking into account what employees’ privacy expectations and what they would likely consider excessive. Certain intrusive forms of monitoring (for example, software that records mouse movements and keystrokes) may well fall foul of the GDPR, especially if they are used for automated decision-making (such as basing pay rises on those who are recorded to have logged in at certain times).

Although the GDPR was not a consideration in the Ikea case, given that it only came into force in 2018, the UK-implemented version of it still applies to British employers. If a UK business were to conduct similar activities as described in the Ikea case today, the consequences would likely be far more severe, given that the UK GDPR allows the Information Commissioner to impose fines of up to 4% of worldwide turnover or £17.5 million (whichever is greater) for non-compliance. In a UK context, excessive staff surveillance could also breach the duty of trust and confidence implied in every employment relationship, or potentially even the right to respect for privacy and family life.

Message us on WhatsApp

Related latest updates
PREV NEXT

Related content

Arrow Back to Insights

Shorter Reads

Ikea fined €1 million for illegal staff surveillance

The French branch of Ingka Group, which owns various international Ikea stores, has been ordered to pay a fine of €1 million after a Versailles court held that it had unlawfully processed its employees’ personal data.

Published 16 June 2021

Associated sectors / services

Authors

It was reported yesterday that the French branch of Ingka Group, which owns various international Ikea stores, has been ordered to pay a fine of €1 million after a Versailles court held that it had unlawfully processed its employees’ personal data. Ikea had been accused of subjecting its employees to illegal surveillance, including trying to catch an employee who had claimed unemployment benefits despite driving a Porsche.

Even though the case concerns Ikea’s practices between 2009 and 2012, the issues it raises are particularly timely. The rise in home working during the current pandemic has led to many employers becoming increasingly interested in deploying some form of staff surveillance in order to monitor productivity levels.

Those organisations that do intend on introducing monitoring ensures will need to ensure that their staff’s personal data is handled in a lawful, fair, and transparent way under the General Protection Regulation (GDPR). This will mean identifying a lawful basis on which to collect and continue to process the relevant personal data and communicating the details of this to the relevant staff. Many employers will opt to rely on their ‘legitimate interests’ as a lawful basis, but it is important to remember that these specific legitimate interests will need to be explicitly stated in an updated privacy notice circulated to staff. They will also need to be balanced against employees’ individual rights and freedoms by way of a data protection impact assessment. This is a process used to assess whether the proposed form of monitoring is necessary and proportionate, taking into account what employees’ privacy expectations and what they would likely consider excessive. Certain intrusive forms of monitoring (for example, software that records mouse movements and keystrokes) may well fall foul of the GDPR, especially if they are used for automated decision-making (such as basing pay rises on those who are recorded to have logged in at certain times).

Although the GDPR was not a consideration in the Ikea case, given that it only came into force in 2018, the UK-implemented version of it still applies to British employers. If a UK business were to conduct similar activities as described in the Ikea case today, the consequences would likely be far more severe, given that the UK GDPR allows the Information Commissioner to impose fines of up to 4% of worldwide turnover or £17.5 million (whichever is greater) for non-compliance. In a UK context, excessive staff surveillance could also breach the duty of trust and confidence implied in every employment relationship, or potentially even the right to respect for privacy and family life.

Associated sectors / services

Authors

Need some more information? Make an enquiry below.

    Subscribe

    Please add your details and your areas of interest below

    Specialist sectors:

    Legal services:

    Other information:

    Jurisdictions of interest to you (other than UK):

    Article contributor

    Enjoy reading our articles? why not subscribe to notifications so you’ll never miss one?

    Subscribe to our articles

    Message us on WhatsApp

    Please note that Collyer Bristow provides this service during office hours for general information and enquiries only and that no legal or other professional advice will be provided over the WhatsApp platform. Please also note that if you choose to use this platform your personal data is likely to be processed outside the UK and EEA, including in the US. Appropriate legal or other professional opinion should be taken before taking or omitting to take any action in respect of any specific problem. Collyer Bristow LLP accepts no liability for any loss or damage which may arise from reliance on information provided. All information will be deleted immediately upon completion of a conversation.

    I accept Close

    Close
    Scroll up
    ExpandNeed some help?Toggle

    Get in touch

    Get in touch using our form below.