Bytesize Legal Updates: The CNIL fines Amazon France Logistique €32 million

Welcome to another episode of Fieldfisher's Bytesize Legal Updates podcast, where we bring you the very latest legal updates on key developments in technology and data protection law. In this episode, Moira Campbell and Eilish Beeby discuss the excessive employee monitoring practices deployed by Amazon France Logistique (AFL) and the subsequent €32 million fine received from the French data protection regulator, the CNIL.

A deeper dive into the key findings and implications

AFL equipped its warehouse staff with handheld barcode scanners, which not only facilitated their tasks but also continuously collected and recorded data on their activities. However, the CNIL deemed this monitoring to be excessive and disproportionate, violating the rights and interests of workers. AFL's precise monitoring exceeded the reasonable expectations of employees and put them under constant pressure.

The CNIL also highlighted the implications of such extensive monitoring on employment law. The close and precise surveillance could lead to employee stress, health, and safety issues, and even claims of constructive unfair dismissal. The trust and confidence between AFL and its employees were at risk due to these disproportionate monitoring practices.

Apart from invasive monitoring, AFL's lack of transparency further aggravated the situation. Temporary workers and external visitors were not adequately informed about the extensive video surveillance systems in place. Compliance with the GDPR's transparency requirements is crucial, and organizations should proactively provide privacy notices to individuals rather than simply making them available on internal platforms.

Furthermore, AFL's security practices were found to be lacking. The inadequate password strength and the sharing of software accounts raised concerns about data protection. Regulators emphasize the need for robust passwords and the avoidance of shared access to accounts to ensure the security of personal data.

How the CNIL determined the fine

When determining the fine for AFL, the CNIL considered several factors, including the nature of monitoring, lack of information, scale of monitoring, security breaches, and the negative impact on workers. AFL partially mitigated its position by taking steps to address the concerns raised, but this did not absolve them completely.

The CNIL's decision to fine AFL serves as a wake-up call for companies relying on extensive employee monitoring systems. Data protection impact assessments and considering legitimate interests are essential in justifying the use of such systems. Transparency, data minimisation, and robust security measures must be prioritized to avoid similar regulatory actions.

Employers should be cautious when using employee monitoring data for appraisals and performance management, ensuring that decisions are not solely based on data collected through monitoring. Balancing the legitimate business interests with the impact on employees is crucial to avoid fines and legal challenges.

Thank you for joining us for this episode of Bytesize Legal Updates!

Listen to the full episode on your podcatcher of choice and subscribe to the Bytesize Legal Updates series.