The CNIL fined Amazon posted on 08 February 2024

The CNIL fined Amazon 32M euros for invasive surveillance of their employees

We often (but not enough) talk about privacy for Internet users but this post is about Amazon’s employees. The CNIL, the French Data Protection Agency fined Amazon for its employees tracking system. For context, Amazon is precisely tracking what warehouse employees are doing with their scanner (how fast they are scanning, when and how long employees are idle etc.)

The fines come from:

  • Not appropriate data minimization: Some activity data were stored too long and in too granular way – aggregates would have been enough to achieve the expected outcome. This is a stark reminder that you can’t collect and keep personal data without a clear use case and no alternative.
  • Not adequate transparency: Employees were not informed about their personal data being collected – this is interesting because a lot of companies assume that employee data is not personal data, which is not accurate.
  • Unlawful processing: This is probably one of the most interesting pieces of the article. The processing of the data was deemed excessively intrusive because Amazon had alternative and less invasive signals available.

Funny enough, the CNIL also mentioned that the password used to access the video surveillance was not secure enough. What do you think they set their password to?

More details on their official press release:

LinkedIn post