Surveillance abuse Amazon

On January 23, 2024, Amazon France Logistique (AFL) was fined 32 million euros by the CNIL (National Commission for Information Technology and Freedoms) in France for establishing an excessive surveillance system of employee activity and performance and for failing to meet information and security obligations regarding video surveillance.

This is not the first time a large company has been penalized for excessive surveillance of its workers. In Germany, the Lidl retail chain was also fined a total of 1.46 million euros by the courts for espionage through micro-cameras and private detectives, infringing on the privacy of employees. However, the fine imposed on Amazon is significant.

Continuous collection of employee activity AFL operates large distribution centers in France where it receives, stores, and prepares items for shipment. In 2019, the company had nearly 6,000 employees and used more than 21,000 temporary workers. To optimize the real-time operation of the warehouses, AFL continuously collects data on employee activity: the scans performed by each employee to track the progress of each item through various stages of preparation and distribution, but also to measure the employee’s activity by tracking the number of units they process over a given period, counting the time periods in which no units are processed, and analyzing the quality levels of the processed units according to detailed criteria. The data is retained for 31 days.

Excessive computer monitoring violates the GDPR
The CNIL ruled that three of the 43 indicators used violate the General Data Protection Regulation (GDPR), namely the execution time of a task (a time of less than 1.25 seconds is associated with an error) and two indicators of inactivity (more than ten minutes and less than ten minutes at certain critical times of the day). In essence, the CNIL considers that the processing of these indicators cannot be justified based on legitimate interest (Article 6), as it leads to excessive computer monitoring of the employee in relation to the goal pursued by the company, especially due to the constant pressure placed on the employee to justify even the shortest interruption. Other means exist to achieve work planning, evaluation, and training goals. Furthermore, the processing of these indicators does not comply with the principle of data minimization (Article 5.1.c).

Continuous surveillance is not disputed
The CNIL believes that the surveillance via cameras was not sufficiently communicated and that access to the system was not adequately secured (weak passwords and shared access). However, an important point is that the CNIL does not challenge continuous surveillance, given the exceptional circumstances faced by AFL, such as the volumes processed and the tight delivery deadlines, which necessitate very detailed, real-time monitoring of all actions in the warehouse and the status of each workstation, thus each employee. The Amazon system specifically analyzes the quality of the employees' work based on detailed criteria.

The severity of the fine is justified by the number of employees involved and the scope of the collected data
The severity of the fine is justified by the number of employees involved, the scope of the collected data, and the benefits the company has gained from the system, which makes it extremely competitive.

Such a system is not illegal in Belgium

In Belgium, as in France, the GDPR must be respected. The CNIL’s decision thus reminds Belgian companies of the heavy sanctions that can be imposed in case of violations, even though the Belgian Data Protection Authority (GBA) does not have the same resources as the CNIL.

In the Belgian context, it should be noted that its implementation must take into account the CCT 38 concerning new technologies, which requires companies to inform and consult employees. Furthermore, given the stress and pressure on employees, an opinion from the prevention and protection committee may be required, considering the provisions regarding well-being. Finally, it is useful to remember that the employees involved may seek compensation.