Suche
Ikea sentenced: 1.5 million euros fine for GDPR violations!
Ikea was fined 1.5 million euros for data protection violations in Vienna. The case concerns video surveillance and GDPR compliance.
Ikea sentenced: 1.5 million euros fine for GDPR violations!
Ikea faces a severe penalty. The Federal Administrative Court (BVwG) has decided that the furniture giant will be made to pay for grossly negligent violations in the area of video surveillance in its branch at Vienna's Westbahnhof. The fine amounts to an impressive 1.5 million euros, combined with additional costs of 150,000 euros. This decision puts the GDPR violations identified between March 25 and May 23, 2022 back in the spotlight. How meinkreis.at reported, a total of 30 violations were recognized, 28 of which were confirmed by the court.
The focus of the allegations is the inadmissible recording of PIN entries by at least one camera in the checkout area. There were also photos of passers-by, tram stations and subway exits outside, which also violated the General Data Protection Regulation (GDPR). The incident was triggered by an anonymous report to the data protection authority in 2022. The judgment also criticizes the fact that, despite clear information and complaints, Ikea did not take immediate measures to correct the problems and only had private zone masking implemented almost eight weeks after the allegations became known.
Criticism of the surveillance methods
The use of video surveillance in retail is a sensitive issue. A December 2023 study shows that an impressive 84% of retail video surveillance is not privacy compliant. This not only entails legal risks, but also potential claims for damages from customers if compliance with data protection guidelines cannot be proven. The German Data Protection Aid highlights that retailers who do not take care of data protection-compliant solutions risk fines of up to 4% of their annual sales. Minor violations can quickly lead to expensive consequences.
Despite the amount of the fine for Ikea, which could theoretically be up to 1.8 billion euros, there were mitigating circumstances. These included the company's cooperation with the authorities as well as the lack of financial benefits and the deletion of potentially problematic recordings. It was also determined that there was no material damage to those affected and that the recorded PIN entries were not misused.
Ikea has announced that it will appeal the ruling. The company believes that no personal data was processed and considers the penalty imposed to be “disproportionately high”. So it remains to be seen how this case will develop in the next instance.
While the topic of data protection is making waves, retailers like Ikea have learned an important lesson when it comes to legal responsibility and how to handle sensitive customer data. The requirements for data protection-compliant video surveillance remain a controversial topic. In order to remain compliant in the future, entrepreneurs should inform themselves about the existing guidelines in good time and take appropriate measures so as not to jeopardize the trust of their customers.