Huppuís ehf – €34,000 Fine (Iceland, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Iceland's privacy authority fined Huppuís ehf EUR 34,000 for improperly using video cameras in employee areas. The cameras recorded employees, many of whom were minors, changing clothes in a space that wasn't private enough. This case highlights the importance of respecting employee privacy, especially for minors.
What happened
Huppuís ehf used video cameras to monitor employees, including minors, in areas where they changed clothes without adequate privacy measures.
Who was affected
Employees, mostly minors, who were recorded by video cameras while changing clothes in the workplace.
What the authority found
The Icelandic DPA found that while security was a legitimate reason for surveillance, Huppuís ehf failed to balance this with the privacy rights of its employees, especially minors.
Why this matters
This decision stresses the need for businesses to ensure privacy in employee areas, especially when minors are involved. Companies should explore less intrusive security measures and provide clear information about surveillance practices.
GDPR Articles Cited
The Icelandic DPA (Persónuvernd) has imposed a fine of EUR 34,000 on Huppuís ehf. A former employee filed a complaint against the controller with the DPA. The reason for this was the camera surveillance installed by the controller. During their shifts, the controller's employees wore clothing provided by the controller.However, the designated changing room of the store was a storage room in which large quantities of cleaning materials were stored. Due to a lack of sufficient space in this room, the employees (mostly minors) had to change in the general employee area, which was covered by a video camera. The controller stated that they had installed the video camera for security purposes. The DPA concluded that the controller had a legitimate interest in the video surveillance, but that the interests of the mostly underage employees must also be taken in account. The controller should have tried to implement less restrictive measures. In addition, the DPA underlined that the information on video surveillance was inadequate in both the employee and customer service areas. In determining the amount of the fine, the fact that a large number of the data subjects were minors was taken into account as an aggravating factor.
Related Enforcement Actions (0)
No other enforcement actions found for Huppuís ehf in IS
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
15 June 2021
Authority
Persónuvernd
Fine Amount
€34,000
Enforcement Tracker ID
ETid-740
About this data
Cite as: Cookie Fines. Huppuís ehf - Iceland (2021). Retrieved from cookiefines.eu
Last updated: