The French Data Protection Authority (CNIL) has imposed a €32 million fine ($46.8 million Cdn) on Amazon France Logistique, a subsidiary of the Amazon group managing large warehouses in France, for excessive employee surveillance practices.
The sanction follows investigations sparked by press reports and employee complaints about the company’s monitoring methods.
In its warehouses, Amazon France Logistique equips employees with scanners to track real-time performance of tasks such as storage, retrieval, and packaging. Each scan generates data used to calculate indicators of quality, productivity, and inactivity. However, the CNIL found that the level of monitoring, particularly regarding work interruptions and scanning speed, was unlawfully invasive.
Key findings by the CNIL include:
- Illegal Monitoring of Work Interruptions: The CNIL deemed it illegal for Amazon to measure work interruptions so precisely, requiring employees to justify every break or disruption.
- Excessive Tracking of Scanning Speed: The company’s indicator that flagged items scanned in under 1.25 seconds as error-prone was judged excessive.
- Disproportionate Data Retention: The authority found it excessive to retain all collected data and statistical indicators for all employees and temporary workers for 31 days.
The CNIL acknowledged Amazon’s operational demands and high-performance targets but stressed that the data retention and statistical indicators were disproportionate.
In determining the fine, the CNIL considered the unique nature of Amazon’s scanner-based employee data processing. The system’s exhaustiveness and permanence led to detailed monitoring of employee work, affecting thousands of workers. This intense surveillance contributed directly to Amazon’s economic gains and competitive edge.
GDPR Breaches Identified by CNIL
The CNIL identified several GDPR violations:
- Employee Monitoring with Scanners: The system breached the GDPR’s data minimisation principle. The CNIL argued that real-time data and a selection of weekly aggregated data should suffice for employee assistance or reassignment.
- Three Illegal Indicators: The “Stow Machine Gun,” “idle time,” and “latency under ten minutes” indicators were found to be unlawfully processed, leading to excessive employee monitoring.
- Work Schedule and Employee Appraisal Breaches: The CNIL found the detailed data and indicators unnecessary for work scheduling, assessment, and training, advocating for weekly aggregated statistics instead.
- Information and Transparency Obligations: Until April 2020, temporary workers were not adequately informed about the privacy policy before their data was collected. Additionally, both employees and external visitors were insufficiently informed about video surveillance systems.
- Security of Personal Data: The CNIL noted inadequate security in accessing video surveillance software, including weak passwords and shared user accounts.
This decision underscores the ongoing tension between workplace efficiency demands and employee privacy rights, as regulators continue to scrutinize data protection practices in the digital age.