Amazon receives a heavy GDPR fine in France. Not towards customers, but towards their own employees, because they wanted to quantify performance too much with pure data.

The National Commission for Information Technology and Freedom (CNIL), the French data protection authority, has imposed a GDPR fine of €32 million on Amazon. According to the CNIL, Amazon uses an “over-the-top” system that monitors employees for activity and performance. Why the GDPR fine?

The system records the performance of each employee based on the use of scanners. Everyone has one that they use to document their tasks. For example, they scan when they take something off a shelf, put it away somewhere or put it in a box.

According to the data protection commissioner, the system measures interruptions so precisely that it can make employees feel that a break or interruption is illegal. In their opinion, it also increases the risk of errors because faster is better.

According to the CNIL, it’s about the amount of data that Amazon retrieves from the scanners. It violates the GDPR principle of data minimization because the processing is too simple. Three indicators were registered:

• “Stow machine gun”: The next item was scanned too quickly. There must be at least 1.25 seconds in between
• “Idle time”: a signal that activates when you do not scan anything for ten minutes
• “Latency less than ten minutes”: a signal when you have not scanned anything for between one and ten minutes

What’s particularly stressful is that before 2020, employees didn’t even know that this data was being collected.

Amazon disagrees with the CNIL’s GDPR penalty and points out factual inaccuracies. Accordingly, management systems in department stores are standard practice in the industry to ensure safe, high-quality and efficient work.

It is currently unclear whether this is an isolated case in France or whether Amazon will also have to expect a GDPR fine in other European countries. In the coming years it will certainly come under even greater scrutiny as a “gatekeeper” within the European Union through the Digital Markets Act (DMA).