France: Issued ruling in CNIL investigation into Amazon France Logistique on worker monitoring

On 27 December 2023, the French National Commission for Information Technology and Liberties (CNIL) issued a ruling in its investigation of Amazon France Logistique on its worker monitoring practices, imposing a sanction of EUR 32 million for violations of the EU's General Data Protection Regulation (GDPR). The violations concerned the excessive monitoring of warehouse workers through individual productivity metrics collected in real-time via handheld scanners. CNIL found the granular, continuous tracking of each action on warehouse tasks, and the use of this data for performance evaluation, to be disproportionate and lacking a legal basis under the GDPR's principles of data minimisation and purpose limitation. Other violations included failing to properly inform temporary workers about the data processing, as well as security failures in the video surveillance system such as shared accounts and weak passwords. The fine amounts to around 3% of Amazon France Logistique's EUR 1.135 billion turnover in 2021. CNIL justified the high fine based on the severity and scale of the violations, which affected several thousand warehouse workers. CNIL will publish the full decision, with the company anonymised, after two years. CNIL acknowledged that Amazon France Logistique has taken some remedial actions, like improving worker information and video surveillance security. However, this did not absolve the company's past violations.