Details:
| Summary | The DPA from Luxembourg (CNPD) has imposed a fine of EUR 12,500 on a company. The company had installed a video surveillance system for the purpose of protecting company property, securing access to private and high-risk locations, and ensuring the safety of users and preventing accidents. However, the cameras also excessively captured parts of the public space and workplaces of employees. The DPA finds that the controller thus violated the principle of data minimization under Art. 5 (1) c) of the GDPR. In addition, the controller had not properly informed the data subjects about the processing of the data by the video surveillance and thus violated its duty to inform. |
| Link: | link |
| Related articles: | Art. 5 (1) c) GDPR, Art. 13 GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 12,500 |
| Sector | Not assigned |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/