Privacy & Data Protection
Client Alert | 2 min read | 09.30.09
Other sections of this issue:
Privacy & Data Protection | ISP-Liability & Media Law | Contracts & E-Commerce |
Electronic Communications & IT
On 19 August 2009, the German discounter Lidl has again been condemned to a 36.000 EUR fine by the German Data Protection Authority for unlawful processing of personal data of its personnel.
A year after the scandal where Lidl was found to have been spying on its employees via surveillance cameras, documents were found in a dumpster indicating that Lidl was unlawfully collecting information about its employees' medical conditions.
Such personal data is sensitive and can only be processed under strict conditions, which were clearly absent here. The personal data collected were moreover also supplemented with comments such as 'operated from tumor, but benign' or 'wants to be pregnant, but fertility issues'.
Lidl admitted to having collected the records but alleged this was only with the purpose of relocating its employees to more fitting positions. This position was, however, not accepted and Lidl was condemned by the German Data Protection Authority to pay a 36.000 EUR fine for violating general principles of German privacy law..
Although this fine is significantly lower than the 1,5 million EUR Lidl had to pay last year, it is a clear indication that Data Protection Authorities more and more actively act against privacy law violations. Also, the fine remained rather low, because the violations were only proven with respect to 4 German branches of Lidl, while the suspicion existed that more branches did collect sensitive personal data in an unlawful manner.
On 14 August 2009, the German federal legislator changed Germany's Privacy Act, now including specific provisions for employer-employee relationships, giving the German Data Protection Authority clearer yardsticks in similar situations in the future.
References: Bundesdatenschutzgesetz (BDSG) in der Fassung der Bekanntmachung vom 14. Januar 2003 (BGBl. I S. 66), zuletzt geändert durch Artikel 15 Abs. 53 des Gesetzes vom 5. Februar 2009 (BGBl. I S. 160)
Links: https://www.ldi.nrw.de/
Contacts
Insights
Client Alert | 8 min read | 10.01.25
On September 29, 2025, the U.S. Department of Commerce Bureau of Industry and Security (BIS) announced a sweeping Interim Final Rule (IFR), (the “Affiliates Rule”) expanding which entities qualify as Entity List or Military End-User entities, thereby subjecting those entities to elevated export control restrictions under the Export Administration Regulations (EAR). U.S. export restrictions applicable to entities on the Entity List, Military End-User (MEU) List, and Specially Designated Nationals and Blocked Persons (SDN List) now apply to foreign affiliates that are, in the aggregate, owned 50% or more by one or more of the aforementioned entities. An entity that becomes subject to these restrictions because of its ownership structure will be subject to the most restrictive controls that attach to any of its parent entities, regardless of ownership stakes.
Client Alert | 2 min read | 09.30.25
CARB Issues Preliminary List of Entities Covered by California Climate Disclosure Laws
Client Alert | 10 min read | 09.30.25
Client Alert | 7 min read | 09.29.25
White House Seeks Industry Input on Laws and Rules that Hinder AI Development
