The Swedish giant specializing in the production of furniture and home accessories is currently facing legal action for spying on its employees. According to the news portal Mediapart, IKEA has been vetting its employees and job applicants at its branches in France for several years. This was done through a security agency that checked whether employees had a clean criminal record, did not speak out against globalization, and posed no risk of eco-terrorism.
The case of employee surveillance was exposed in 2012 by the aforementioned Mediapart website. At the helm of the system was the former director of risk management, Jean-François Paris, who, according to sources at the French television station France 24, regularly sent lists of names to be investigated by a private investigator. Even a former “model” employee who had become a protester was not spared from surveillance. They were curious about what could have caused such a change in an employee’s behavior, and based on this, they sought to rule out the risk of eco-terrorism. In another case, an employee who had purchased a new and expensive BMW convertible was on the watch list.
Among the dozens of employees and police officers who will face charges in court in Versailles are former CEO Stefan Vanoverbeke and his predecessor, Jean-Louis Baillot. The alleged charges include “collecting personal data for a file by fraudulent means,” “misuse of the purpose of personal data processing,” “intentional and unlawful disclosure of personal data,” or “breach of professional confidentiality”. The daily newspaper Le Monde characterized these actions as a form of espionage.
According to the French news agency, the company faces a fine of up to 3.75 million euros, and some of the defendants could face up to ten years in prison. The trial is expected to conclude on April 2.
Current Situation
Currently, such processing of personal data is in violation of the applicable GDPR, which applies to all member states of the European Union, and under which the collection of personal data is considered one of the operations involving the processing of personal data. Such processing of personal data is lawful only if one of the following conditions is met under Article 6(1) of the General Data Protection Regulation:
a) the data subject has given consent to the processing of their personal data,
b) the processing of personal data is necessary for the performance of a contract;
c) the processing of personal data is necessary to comply with a legal obligation,
d) the processing of personal data is necessary to protect the vital interests of a natural person,
e) the processing of personal data is necessary for the performance of a task carried out in the public interest,
f) the processing of personal data is necessary for the purposes of the controller’s legitimate interests.
Any processing of personal data must be carried out lawfully, fairly, and transparently in relation to the data subjects, in accordance with Article 5(1) of the General Data Protection Regulation. Personal data must be collected only for specific and legitimate purposes. Currently, actions and processing of personal data—such as spying on employees of the French branch without a relevant legal basis—are considered disproportionate and unacceptable. The processing of personal data must comply with Union law and the law of the Member State to prevent any violation of the fundamental rights and freedoms of data subjects or any other unjustified interference with their privacy.
Sources: https://www.france24.com/en/europe/20210322-ikea-france-goes-on-trial-for-spying-on-private-lives-of-staffhttps://www.lemonde.fr/economie/article/2018/03/14/espionnage-chez-ikea-un-systeme-a-grande-echelle-aux-yeux-du-parquet_5270482_3234.html