First Video Surveillance GDPR Fine In France

*** ****** ********** *** imposed * ******** **** on * ***** ******** for ********* *** **** after ** ********** ****** employees ******* ********* **** and **** **** ********** practices. ** ***** *** first **** **** ***** surveillance **** **** ****** by *******, ******’* **** ********** agency, ** *** ********* to ****.

** **** ****, ** examine *** **** *** what ** ***** *** GDPR ********** ***** *******, including:

• ****** ***** ************ *********** Context
• ******* **********
• **** ***********
• **** **** ******** **** Violated
• *** *** **** *** Calculated
• ******* ******/**********

*** **********, *** ******* *** ***** ************ Guide.

**********, *** **** ***** the ********** ** **** compliance *** ******* ******* with **** *********** ** address ******. *******, *** evidence ** ***** ***** no ******* ** **** violation *********** *** ***** surveillance.

[***************]

Context: ******* ****** ***********

** ******, ***** ************************** ******* **** *********, and **** *** *** case ********** *** ****. *** *******, ******* individuals****** ******* ******* **** film ****** ********, **** * ******** in ***** ** ***** own *****. ** *** workplace, ******** ************ ** employees ** ********** - see **** ******* ****** by ******* ** *******:

***********:***, *** *** ******* security ******* ** *** [office] ******* *** ******** purposes.**, ** ** ********* to ******* ********* ** this *******.

Enforcement ***

*******, ****** *********** ** video ************ *********** ** low, *** **** *** not ******* ***** *** GDPR *** ******. ** 2017, **** *** ******* in *** ***** ******* was ***** *** ***** surveillance ********** ***** ** employee ********** ** * camera ******* *** ****; the **** *** *,*** euros ($*,***). *** * single ******* *** ***** in ****, *** **** the **** *** ******. From**********, *** ****** ** CNIL ***** ************ ******* investigations **** ******** **** 47 ** **, *** annual ******* ****.

************, **** ***** ************ investigations *** ********* ***** on **********, * ****** of**** *******************, ***** ***** *** CNIL ** *** *********** inspecting *** *** *****, integrators, ** ****** *** possible **********.

Company **********

*** ******* **** *** fined ** ***************, * *********** **** based ** ***** **** only * *********. *** revenue ** **** *** about $* ******* *** it **** ****** ** over $***,***, *** ******** ***********.

CNIL ***********

*** **** ********* **** it ***** *** ************* based ** ******** ********** about *********’* ************ ******: a ***** ** *, starting *** *** *** back ** ****. ** sent ******* ******* ** Uniontrad *** ******** ** response.

****’* ***** ****** ********** took ***** ** ******** 2018, *******:

* ****** ****** *** desks *** * ******… employees **** ***** ******** notified

******* *** ****** *** longer **** ******* ******

******** ** ***** ** access ******* *********** *** [email] ******* *** *** ensure **** ******** *** confidentiality (********'* ********* *** not ******* ********* *** employees ****** * ****** email *******)

** ****, *** **** gave ********* *** ****** to *** *** ***** issues. ** *********, ********* claimed ** * ****** that ** *** ********* them, *** * ****** CNIL ********** * ***** later ***** ****:

*** ****** ******* ********* has **** ***** ** constantly *** ******* ************ since *** ******* ********** in ********

** *********** *** **** relayed ** *** ********* about *** ***** ************, which ****** ************ **** the ******* ** *** processing, ******** ** *******, and ****** ********** *** data

*** * ****** ******** policy *** **** *** in ***** *** *** employee's ********* *** ** measures **** **** ***** to ****** ************ ** [who ** *****] *** email *****

***** *** ****** **********, Uniontrad ******* ** *** complied **** *** *** by ******* ******* **** on *** ******** ******, putting ** * ****, and ************ ******** ********. However, *** **** ********** that *** ****** *** still ******* *** ******** desk.

**********, *** **** ****** that ******* ********* *** not ****** ********* ****** the *** ***** ****** in ****, *** *** ignored ************** ***** ** that, * *********/****** ******* would *****.

What **** ******** **** ********

************, *** **** ****** that **** **** ******** were ******** ** *********:

******* *, **:******** **** ***** ** adequate, ******** *** ******* to **** ** ********* in ******** ** *** purposes *** ***** **** are ********* (‘**** ************’). **** ******* ******** to *** ******** ***** surveillance ** *********'* *********. French ******* **** (**** pre-GDPR) ** *** ****** this, ****** *** **** the **** ***** "*********** circumstances", **** ** ****** sensitive ************, *** * translation ******* **** *** qualify, *** **** ******. For **** ***** ****** laws ** ********** ********** employees, *******'* ************ *** **** *********** a $*.* ******* **** on * ****** *** "excessive ***** ************."

******* **:*********** ***********, ************* *** modalities *** *** ******** of *** ****** ** the **** *******". *.*. ********* *** not *********** ** *** employees ***** *** ***** surveillance ****** *****.

******* **:*********** ** ** ******** where ******** **** *** collected **** *** **** subject.******* ** ******* **. Uniontrad *** *** *** up * ******* ******* sign ********* ********* ** the **** ********** ****** place, *** ****** ** contacted *** **** *******, storage ********, ***. *** IPVM's**** *** ***** ************ Guide*** **** ***** **** kind ** *********** ****** be *** ** ** such *****.

******* **:******** ** **********: *** processor ***** ********* *********** technical *** ************** ******** to ****** * ***** of ******** *********** ** the ****. **** ****** ** Uniontrad's **** ** ********* on ******* *********, ***** CNIL ****** "*** *** ensure *** ******** ** personal ****".

How *** **** *** **********

***** *******'* ******* **,* ******* **** ** 20 ******* ***** ($**.* million) ** *% ** global ****** ******* ** permitted, ********* ** ******. Fines **** ** "effective, *************, *** **********".

*** **** ********* ********** a **** ** **,*** euros ($**,***). ****** **********'* ***** ***** ************ GDPR ****,*** **** *** *** offer * ********* ** how **** **** ********* cost. *** **** ****** was ******* ********** ** the ******** ********** ***** Uniontrad ***** **** *** its ******* ** **** with **** ************* ** fix *** ******, **** the **** *******:

*** ******* - ******** to **** ** ****** - ***** ******** ************ with *** **** ***** the ****** ******* *** already ***** ***.

*******, ********* **** **** a **** *** "****************" under ******* ** *** to *** *******'* **** financial *********. *** **** agreed *** ******* ** fine ********* **,*** ***** (about $**,***). **** ** the ********** *** *** the **** ** ** made ****** - **** is *** * *** practice, ** *** ** seen **** **** **** of******** **** *****.

Broader **** ************

*** ********* **** ********* the ********** ** **** compliance. **,*** ***** *** a *****, *****-****** ******* is * *** *** and ** *** ******* video ************ **** *** CNIL *** ****** ***** at ***** ****, ********* to ********* ******** ** *********.

*** **** **** ** GDPR ********** **** ********* was ******* ** ***** how *** *** *** given **** ********** *********** a *** *** **** sophisticated ******* ** ****** against *********; ***** ** the ****, ***** ************ violations **** ******* ****** against******'* ***** **** ** law *** ******** *******.

*******, *** ****'* ******* should *** ** *****. Enforcement ** *** **** stringent. ** ********* *******, zero ***** ************ ***** were **** *** **** the **** ******, *** the ****** ** ***** surveillance ************** ******** ************* (47 ** **) **** 2017 ** ****.

**** ***** *** **** directly ** ** *** stepping ** *** *********** of ***** ************ *********** due ** *** ****. They **** ** - the **** ****** ****** by *** **** (** enforcement *****) ** *** maximum ********* **** ***** raised ** ** ******* euros ** *% ** global ****** ******* - admittedly * *** ******, but ********** *** ******* players, ********** ***** *** GDPR ****** ******** **** fines ** "*************".