CNIL Fines SAMARITAINE for Concealed Surveillance Violations

On September 18, 2025, the French data protection authority, CNIL, imposed a €100,000 fine on SAMARITAINE SAS for unlawfully concealing surveillance cameras in its store reserves. The investigation was prompted by a press article and subsequent employee complaints regarding the installation of cameras disguised as smoke detectors, which recorded audio without proper notification or justification. The CNIL found that the company failed to conduct a necessary GDPR compliance analysis and did not document the temporary nature of the surveillance system, violating the principles of lawful data processing and transparency.

The CNIL's ruling emphasized that while hidden cameras may be permissible under exceptional circumstances, they must be accompanied by a thorough assessment of their necessity and proportionality. SAMARITAINE's breaches included failing to involve its Data Protection Officer in the decision-making process and recording conversations between employees, which was deemed excessive and a violation of data minimization principles.

This case serves as a critical reminder for organizations to establish robust compliance frameworks when implementing surveillance technologies, ensuring that employee privacy rights are adequately protected.