Unknown

説明

The DPA from Luxembourg (CNPD) has imposed a fine of EUR 2,400 on a company. The controller had installed a video surveillance system to protect the company's assets and prevent entry by unauthorized persons. However, the cameras also excessively captured parts of the canteen terrace which serves as a recreation area for employees. The DPA finds that recording employees during their break is not necessary to ensure the purposes related to the video surveillance and was therefore disproportionate. The DPA finds that the controller has thus violated the principle of data minimization under Article 5 (1) c) GDPR.