Employee monitoring: CNIL fined AMAZON FRANCE LOGISTIQUE €32 million

23 January 2024

On 27 December 2023, the French Data Protection Authority (CNIL) fined AMAZON FRANCE LOGISTIQUE €32 million for setting up an excessively intrusive system for monitoring employee activity and performance. The company was also fined for video surveillance without information nor sufficient security.

The essentials

AMAZON FRANCE LOGISTIQUE manages the AMAZON group's large warehouses in France, where it receives and stores items and then prepares parcels for delivery to customers. As part of its activities, each warehouse employee is given a scanner to document the performance of certain tasks assigned to them in real time (storage or removal of an item from the shelves, putting away or packing, etc.).

Each scan carried out by employees results in recording of data, which is stored and used to calculate indicators providing information on the quality, productivity and periods of inactivity of each employee.

Following press articles about practices of the company in its warehouses, the CNIL carried out several investigations. It also received several complaints from employees.

The CNIL considered that the system for monitoring employee activity and performance was excessive, in particular for the following reasons:

  • Indicators tracking the inactivity time of employees' scanners were put in place. The CNIL ruled that it was illegal to set up a system measuring work interruptions with such accuracy, potentially requiring employees to justify every break or interruption.
  • The CNIL ruled that the system for measuring the speed at which items were scanned was excessive. Based on the principle that items scanned very quickly increased the risk of error, an indicator measured whether an item had been scanned in less than 1.25 seconds after the previous one.
  • More generally, the CNIL considered excessive to keep all the data collected by the system, as well as the resulting statistical indicators, for all employees and temporary workers, for a period of 31 days.

The CNIL did not question the fact that the very heavy constraints weighing on Amazon's business, and the high performance targets that the company has set itself, can justify the scanner system put in place to manage its business. However, it considered that the retention of all this data and the resulting statistical indicators were disproportionate overall.

As a result, the restricted committee – the CNIL body responsible for issuing sanctions – has imposed a fine of €32 million on AMAZON FRANCE LOGISTIQUE. 

In order to determine the amount of the penalty, the restricted committee took into account in particular the fact that the processing of employee data using scanners was different from traditional activity monitoring methods due to the scale on which they were implemented, both by their exhaustiveness and their permanence, and led to very close and detailed monitoring of employees' work.

Such systems kept employees under close surveillance for all tasks carried out with scanners and thus put them under continuous pressure. It also took into account the large number of people involved (several thousand) and considered that the constraints imposed on employees through this computer monitoring contributed directly to the company's economic gains and gave it a competitive advantage over other companies in online sales market.

Breaches sanctionned

The CNIL has found AMAZON FRANCE LOGISTIQUE several breaches to the GDPR.

Breaches related to employee monitoring using scanners

Breaches related to warehouse stock and order management

The company uses indicators on employee activity and performance, collected with the help of scanners, to manage stocks and orders in its warehouses in real time.

Failure to comply with the data minimisation principle (Article 5.1.c of the GDPR)

The stock and order management process breaks down into several tasks (receiving items, storing inventory, preparing and sending orders) and also relies on the management of each employee in order to provide them, if necessary, with assistance in carrying out these tasks (coaching) or to reassign them to other tasks if necessary.

However, the restricted committee considers that providing assistance to an employee or reassigning them in real time does not require access to every detail of the employee's quality and productivity indicators collected using the scanners over the last month. It points out that supervisors can already rely on the data reported in real time to identify any difficulties an employee may be experiencing that may require coaching, or to identify employees to be reassigned to a task in the event of a peak in activity. It therefore believes that, in addition to real-time data, a selection of aggregated data, on a weekly basis for example, would be sufficient.

Failure to ensure lawful processing (Article 6 of the GDPR)

The restricted committee considers that three indicators processed by the company are illegal:

  • the "Stow Machine Gun" indicator, which signals an error when an employee scans an item "too quickly" (i.e. in less than 1.25 seconds after scanning a previous item);
  • the "idle time" indicator, which signals periods of scanner downtime of ten minutes or more;
  • the "latency under ten minutes" indicator, which signals periods of scanner interruption between one and ten minutes.

Without questioning the need for precise monitoring of the handling carried out and the situation of each employee, in order to ensure the quality of service and safety in its warehouses, the restricted committee nevertheless noted that the processing of these three indicators could not be based on legitimate interest, as it led to excessive monitoring of the employee regarding the objective pursued by the company.

Firstly, the processing of the Stow Machine Gun indicator means that any storage carried out by an employee can be constantly monitored to the nearest second, and an error can be associated with it if the employee tidies up too quickly.

Secondly, the use of the "idle times" and "latency under ten minutes" indicators makes it possible to constantly monitor any time an employee's scanner is interrupted on a direct task, even for a very short time (under ten minutes or over ten minutes).

However, the restricted committee notes that the company already has access to numerous indicators in real time, both individual and aggregated, in order to achieve its objective of quality and safety in its warehouses.

It also points out that the processing of these two indicators means that the employee is potentially required to justify at any time that he is interrupting his scanner, even for a very short time.

As implemented, the processing is considered to be excessively intrusive.

Breaches regarding work schedule and employee appraisal

The company also uses the employee activity and performance data and indicators collected by the scanners to plan work in its warehouses, assess employees each week and train them.

Failure to comply with the data minimisation principle (article 5.1.c of the GDPR)

The restricted committee considers that the work schedule in the warehouses, along with the assessment and training of the employee do not require access to every detail of the data and statistical indicators provided by the scanner used by the employee and reported over the last month.

It considers that statistics per employee, aggregated over the week for example, are sufficient to assess an employee's mastery of a task and to put together relevant teams. In the same way, such statistics provide an overview of an employee's performance and are sufficient to assess and identify training needs or to monitor the employee's progress.

Lastly, the restricted committee considered that the objective of monitoring the employee's actual work, evaluating or training them did not justify recording any time of inactivity of more than ten minutes.

Failure to comply with the obligation to provide information and transparency (Articles 12 and 13 of the GDPR)

The restricted committee found that, until April 2020, temporary workers for the company were not properly informed, as the company did not ensure that the privacy policy had been given to them before their personal data was collected using the scanners.

Breaches related to video surveillance processing

Failure to comply with the obligation to provide information and transparency (Articles 12 and 13 of the GDPR)

The restricted committee noted that neither employees nor external visitors were properly informed of the video surveillance systems, since some of the information required by Article 13 of the GDPR was not provided either on the notice boards or in other media or documents.

Failure to comply with the obligation to ensure security of personal data (Article 32 of the GDPR)

The restricted committee noted that access to the video surveillance software was not sufficiently secure, since the access password was not strong enough and the access account was shared between several users. This accumulation of security defects makes it more difficult to trace access to video images and to identify each person who has carried out actions on the software.