Hennes & Mauritz (H&M)

The BigBrotherAward 2020 in the “Workplace” category goes to H&M Hennes & Mauritz B.V. & Co. KG.

The BigBrotherAward jury thus honours the long-standing, devious, and illegal collecting and processing of employee data, distinctly protected by privacy laws, in the H&M customer centre in Nuremberg.

It seems unbelievable that such a young, modern, hip company like H&M should receive a BigBrotherAward – at least it would be if the company would implement and live up to the values they present on their job application website. There it is claimed that the corporate culture of H&M follows these values:

WE ARE A TEAM

WE BELIEVE IN PEOPLE

ENTREPRENEURIAL IN THOUGHT AND ACTION

CONTINUOUS IMPROVEMENT

COST CONSCIOUSNESS

OPEN AND FORTHRIGHT

KEEP IT SIMPLE

At the very least “OPEN AND FORTHRIGHT” certainly did not function in the customer centre. Here 700 H&M call centre employees serve customers in Germany and Austria. In October 2019 it became publicly known that this customer centre took great interest not only in customer wishes, needs or problems, but also in highly private and personal information about the employees working there.

Personal and health data

On 25 Oct 2019 the FAZ newspaper (Frankfurter Allgemeine Zeitung – a major German paper) first reported¹ that in the Nuremberg customer centre, management personnel and team leaders had access to computer documents in which detailed personal employee information had been systematically and secretly recorded.² This included details on relationships among employees, with which partner they had spent the night, where marriage problems existed or where a divorce was imminent. Similarly, conflicts within the family or deaths of family members or friends were added to the list. And it was recorded whether employee’s vacations had been restful or perhaps rather stressful due to personal problems.

The thirst for information at H&M’s management level made no exception with health-related data. Individual-related files contained, for instance, information regarding diseases of employees or family members including the progression of the disease.³ The Hamburg commissioner for data security and freedom of information, Johannes Caspar, announced after an initial investigation⁴ that in Nuremberg diverse health-related employee data, everything from incontinence to cancer were registered. To make it complete, the information was enhanced with assumptions and rumours, for instance about menstruation problems of individual colleagues.

Employees selectively targeted

All this sensitive information was compiled by team leaders and other superiors. The information originated especially from informal chats with employees in the office or on breaks, but also from “welcome back” talks, for example after a vacation. These talks included questions clearly targeting private matters.⁵ The findings, digitally noted in detail, were made available to the entire H&M management level.⁶ Of course, the employees were at no time informed that private information would be specifically queried and then incorporated into centralised files.

Bosses take advantage of trust

While I was doing research for the BigBrotherAwards, several employees personally showed me the notes made about them. Since these people still work for H&M and fear consequences, I am unable quote them directly. But I can say I was appalled that superiors do not cringe about establishing a friendly atmosphere for dialogue in order to pry out private and very personal information, then put this information in writing structured to management needs, and store it. To describe such an approach, on the basis of an existing occupational relationship of trust, as wretched, would be putting it politely. In any case it is illegal.

Discovered through a data leak

This all came to light accidentally in 2019, as the personal dossiers were suddenly accessible on the internal network. This clearly suggests that H&M's technical and organisational data security is not in a consistently good state. If I were one of their customers, I would be troubled by this situation.

Self-denunciation and apology – Everything okay?

At least the company, after the initial press releases about the records in October 2019, did inform the supervisory authority responsible for their Hamburg headquarters. They have been dealing with the incident since then. The employees themselves were told in internal communication that it was simply a matter of “isolated” cases and that the majority of management would abide by the privacy guidelines.

A message to the employees states that:

“We want to sincerely apologise that these incidents have put you in an unpleasant situation and that insecurity has arisen.”

So, everything okay? Some team leaders make mistakes, management denounces itself, apologises, and that's it? No.

Already in January 2020 a circle of employees reported that the promises for prompt clarification of the matter were not being fulfilled. In addition, the suspicion was voiced that the files had been manipulated before they were inspected.⁷ An employee was quoted as saying that a climate of fear and intimidation prevailed. She consequently did not wish to be named.⁸

A number of employees have resigned, because the personal working conditions have deteriorated since the spying became public. They were especially angered that there would be a compensation payment of 2500 € per person, which the team leaders who conducted the spying would also receive.

But at least, according to these employees, the Nuremberg facility now has a works council (Betriebsrat, formal employee representation in German industrial law).

Surveillance is often evident in call centres

The rampant control mania at H&M is not an isolated case. In the call centre sector much has changed during the last twenty years and a number of firms abide sufficiently by labour and data protection guidelines. Comprehensive surveillance of employees occurs occasionally in other call centres. However, it is often no longer necessary in these places to tediously sound out employees in order to gain information about moods or diseases or such. Specialised software will do that job much more easily, and we have denounced this repeatedly with BigBrotherAwards. For example in 2014 for a subsidiary of RWE (a large energy supplier) that registered mouse clicks and keystrokes, or last year (2019) with a BigBrotherAward for the voice analysis software from Precire.

Why is the call centre sector so susceptible to surveillance excesses and poor working conditions? It's simple: because people in call centres do not work for their own amusement, but rather to earn a living, and therefore are afraid to talk publicly about working conditions. Whoever takes a critical stance and demands their rights may face not having their fixed-term contract extended or not turned into permanent employment after many years of work. What's more, it is technically so easy to register and evaluate the activities in a call centre. And whoever complains about illegal or excessive monitoring is also soon out of a job. It is still to a large extent a precarious business sector. Where works councils exist, their members tell of personal repressions and even threats. So employees consider carefully whether to pass along details of ongoing surveillance. Particularly since an effective law protecting whistle-blowers from disadvantages and sanctions still does not exist in Germany. So, we would not be surprised if in the following years the call centre sector produces further award winners.

In this sentiment: Heartfelt congratulations, H&M, on your BigBrotherAward 2020!