Naija Market International – €6,000 Fine (Italy, 2022)

Following a report received from the police on 15 July 2020, the Italian DPA sent two requests for information to the owner of Naija Market International, the controller, a company engaged in the grocery business in Modena. These requests sought further information regarding the installation of a video surveillance system on store premises. After the controller did not comply with the requests, the Italian DPA carried out an inspection at the controller's two operating sites, which revealed the presence of video surveillance cameras filming interior spaces of the establishments and therefore potentially suitable for monitoring the work activities of the controller's employees. The cameras were operating in the absence of the appropriate information signs, an alleged violation the Article 5(1)(a) GDPR principle of lawfulness, fairness, and transparency, and the transparency obligations in Article 13 GDPR. Furthermore, the surveillance system was installed without first obtaining permission from the territorially competent Labour Department, in violation of Italian Law. Responding to the allegations, the controller claimed to be unaware of the obligation to inform the Labour department and, because they are a foreign national, unable to understand the particularly technical data protection regulation. Moreover, the controller argued that the conduct involved only 3 employees, and therefore this was only a minor violation. The Italian DPA did not accept the controller's submissions, and held that the use of the video surveillance system constituted a processing of personal data which had to be carried out in accordance with the general principles contained in Article 5 GDPR, in particular the principle of transparency. In this case, the processing had not been signalled in any way and the controller failed to provide any information notice to its employees. According to the Italian DPA, the controller therefore violated Article 5(1)(a) and 13 GDPR. In addition, the