Privacy & Data Protection

Client Alert | 1 min read | 09.30.09

Other sections of this issue:
Privacy & Data Protection | ISP-Liability & Media Law | Contracts & E-Commerce |
Electronic Communications & IT

On 19 August 2009, the German discounter Lidl has again been condemned to a 36.000 EUR fine by the German Data Protection Authority for unlawful processing of personal data of its personnel.

A year after the scandal where Lidl was found to have been spying on its employees via surveillance cameras, documents were found in a dumpster indicating that Lidl was unlawfully collecting information about its employees' medical conditions.

Such personal data is sensitive and can only be processed under strict conditions, which were clearly absent here. The personal data collected were moreover also supplemented with comments such as 'operated from tumor, but benign' or 'wants to be pregnant, but fertility issues'.

Lidl admitted to having collected the records but alleged this was only with the purpose of relocating its employees to more fitting positions. This position was, however, not accepted and Lidl was condemned by the German Data Protection Authority to pay a 36.000 EUR fine for violating general principles of German privacy law..

Although this fine is significantly lower than the 1,5 million EUR Lidl had to pay last year, it is a clear indication that Data Protection Authorities more and more actively act against privacy law violations. Also, the fine remained rather low, because the violations were only proven with respect to 4 German branches of Lidl, while the suspicion existed that more branches did collect sensitive personal data in an unlawful manner.

On 14 August 2009, the German federal legislator changed Germany's Privacy Act, now including specific provisions for employer-employee relationships, giving the German Data Protection Authority clearer yardsticks in similar situations in the future.

References: Bundesdatenschutzgesetz (BDSG) in der Fassung der Bekanntmachung vom 14. Januar 2003 (BGBl. I S. 66), zuletzt geändert durch Artikel 15 Abs. 53 des Gesetzes vom 5. Februar 2009 (BGBl. I S. 160)

Links: https://www.ldi.nrw.de/

Contacts

Thomas De Meese
Partner
- Brussels
  - D | +32.2.282.1842
dGRlbWVlc2VAY3Jvd2VsbC5jb20=

Insights

Client Alert | 7 min read | 06.26.26

Federal Roundup: Updates for PBMs and Medicare Advantage Organizations

In June 2026, federal regulators and lawmakers continued their efforts to improve drug affordability through targeted reforms. These recent developments will primarily impact pharmaceutical manufacturers, managed care organizations, and pharmacy benefit managers (PBM) serving Medicare Part D program members. PBMs, Medicare Advantage organizations, and Part D sponsors should monitor these changes in the interest of maintaining compliance and providing input on regulatory proposals that may influence their business operations or compensation structures in the future....

Client Alert | 6 min read | 06.26.26
Supreme Court Holds FIFRA Preempts State Failure-to-Warn Claims Challenging EPA-Approved Pesticide Labels
Client Alert | 4 min read | 06.25.26
Twin Executive Orders Seek to Spur Quantum Leap in Technology and Cybersecurity
Client Alert | 7 min read | 06.24.26
DOJ’s National Security Division Announces First Declination Under New Corporate Enforcement Policy With Parallel BIS Settlement

View All Insights