France’s data protection authority fined Amazon €32 million ($34.7 million) for excessively monitoring employees in its large warehouses and for not deleting that data in a timely manner, among other alleged offenses it said violated the European Union’s General Data Protection Regulation (GDPR).

The organization, the Commission Nationale Informatique et Libertés (CNIL), cited how an Amazon subsidiary, Amazon France Logistique, tracks the scanners that employees use to process and send items as a means of documenting how quickly they perform tasks and how many breaks they take, often down to the second.

Management uses the scanners to track employees who are inactive for more than 10 minutes; deploys a “stow machine gun” indicator to detect when an employee scans an item in less than 1.25 seconds on the assumption that moving that quickly could cause errors; and notes when employees are idle.

“The processing of these three indicators could not be based on legitimate interest, as it led to excessive monitoring of the employee regarding the objective pursued by the company,” the CNIL said in a press release announcing the fine.

The CNIL ruled that the system for measuring the speed at which items were scanned and the close monitoring of employees’ work interruptions qualified as illegal because of how it forced employees to justify every break taken and because of the scale and intensity of the surveillance.

The CNIL also said Amazon’s 31 day retention of the data was inappropriate. The authority noted that employees and outside visitors were not adequately informed of the surveillance, a violation of the GDPR. The GDPR, which became effective in 2018, allows EU member states to impose large fines on organizations that collect and share data without user consent.

Amazon said in a statement that it strongly disagrees with the CNIL’s conclusions, which it called “factually incorrect.”

“We reserve the right to file an appeal,” the statement continued. “Warehouse management systems are industry standard and are necessary for ensuring the safety, quality, and efficiency of operations and to track the storage of inventory and processing of packages on time and in line with customer expectations.”

CNIL said it set the large fine amount particularly because Amazon’s processing of employee scanners was “different from traditional activity monitoring methods due to the scale on which they were implemented, both by their exhaustiveness and their permanence, and led to very close and detailed monitoring of employees’ work.”

The data protection authority added that Amazon’s “close surveillance for all tasks carried out with scanners” put employees “under continuous pressure” while allowing Amazon to make “economic gains.”

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Suzanne Smalley

Suzanne Smalley

Suzanne Smalley is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.