Privacy & Data Protection
Client Alert | 1 min read | 09.30.09
Other sections of this issue:
Privacy & Data Protection | ISP-Liability & Media Law | Contracts & E-Commerce |
Electronic Communications & IT
On 19 August 2009, the German discounter Lidl has again been condemned to a 36.000 EUR fine by the German Data Protection Authority for unlawful processing of personal data of its personnel.
A year after the scandal where Lidl was found to have been spying on its employees via surveillance cameras, documents were found in a dumpster indicating that Lidl was unlawfully collecting information about its employees' medical conditions.
Such personal data is sensitive and can only be processed under strict conditions, which were clearly absent here. The personal data collected were moreover also supplemented with comments such as 'operated from tumor, but benign' or 'wants to be pregnant, but fertility issues'.
Lidl admitted to having collected the records but alleged this was only with the purpose of relocating its employees to more fitting positions. This position was, however, not accepted and Lidl was condemned by the German Data Protection Authority to pay a 36.000 EUR fine for violating general principles of German privacy law..
Although this fine is significantly lower than the 1,5 million EUR Lidl had to pay last year, it is a clear indication that Data Protection Authorities more and more actively act against privacy law violations. Also, the fine remained rather low, because the violations were only proven with respect to 4 German branches of Lidl, while the suspicion existed that more branches did collect sensitive personal data in an unlawful manner.
On 14 August 2009, the German federal legislator changed Germany's Privacy Act, now including specific provisions for employer-employee relationships, giving the German Data Protection Authority clearer yardsticks in similar situations in the future.
References: Bundesdatenschutzgesetz (BDSG) in der Fassung der Bekanntmachung vom 14. Januar 2003 (BGBl. I S. 66), zuletzt geändert durch Artikel 15 Abs. 53 des Gesetzes vom 5. Februar 2009 (BGBl. I S. 160)
Links: https://www.ldi.nrw.de/
Contacts
Insights
Client Alert | 4 min read | 04.09.26
DOJ Establishes National Fraud Enforcement Division
On April 7, 2026, Acting Attorney General Todd Blanche issued a memorandum establishing the National Fraud Enforcement Division (NFED) within the U.S. Department of Justice (DOJ). This new division will be dedicated to the centralized, coordinated investigation and prosecution of fraud against taxpayer dollars and taxpayer-funded programs. AAG Blanche acknowledged that, while DOJ has a “storied history of combatting fraud,” DOJ has “never adopted a comprehensive and coordinated approach to investigating and prosecuting fraud against taxpayer dollars and tax-payer funded programs.” The NFED was created to close that gap with its core mission being to “zealously investigate and prosecute those who steal or fraudulently misuse taxpayer dollars.”
Client Alert | 2 min read | 04.09.26
OMB Issues New Policy on Federal IT Transparency and Acquisition Oversight
Client Alert | 3 min read | 04.09.26
Preserve It or Lose It: A Missing Jury Instruction Costs Columbia University $94M in Damages
Client Alert | 5 min read | 04.09.26
U.S. State Privacy Enforcement: Key Priorities and Practical Guidance From State Regulators
