Ew Business Machines S.p.A. – €20,000 Fine (Italy, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Italian Data Protection Authority fined Ew Business Machines EUR 20,000 for excessive employee monitoring. The company recorded audio and tracked employees' locations without proper notice or legal basis. This case shows that businesses must inform employees about monitoring and have a valid reason for it.
What happened
Ew Business Machines was fined for excessive monitoring of employees through audio recordings and GPS tracking without proper notice.
Who was affected
Employees of Ew Business Machines who were monitored through audio recordings and GPS tracking.
What the authority found
The authority found the company violated GDPR by not informing employees about audio monitoring and lacking a legal basis for biometric data processing.
Why this matters
This case highlights the need for transparency and legal justification when monitoring employees. Companies should ensure they inform employees about any surveillance and have a valid legal basis for processing personal data, especially sensitive information like biometrics.
GDPR Articles Cited
The Italian DPA has imposed a fine of EUR 20,000 on Ew Business Machines S.p.A.. The controller had installed a video surveillance system that not only recorded images in real time, but also made audio recordings, capturing employees. Both the company's legal representative and their family had access to these recordings via a smartphone. During its investigation, the DPA found that the employees were not adequately informed about the additional audio monitoring. In addition, the company used an application to continuously track the location of some employees via GPS. The DPA found that this continuous location tracking constituted an excessive monitoring of the employees. In addition, the company had installed an alarm system based on the processing of biometric data (fingerprints). In this case, the company could not demonstrate a sufficient legal basis for the processing of the biometric data.
Related Enforcement Actions (0)
No other enforcement actions found for Ew Business Machines S.p.A. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
1 June 2023
Authority
Garante per la protezione dei dati personali
Fine Amount
€20,000
Enforcement Tracker ID
ETid-1994
About this data
Cite as: Cookie Fines. Ew Business Machines S.p.A. - Italy (2023). Retrieved from cookiefines.eu
Last updated: