February 6, 2024
The French data protection watchdog CNIL has fined Amazon France Logistique €32m, equivalent to 3 percent of the entity’s annual turnover, approaching the maximum permitted level of 4 percent. Describing Amazon’s employee surveillance as “excessive”, the regulator also cited instances where the monitoring of staff was found to be outright illegal, by breaching the General Data Protection Regulation (GDPR).
Although CNIL did not contest Amazon’s argument that it had a legitimate right to monitor its workers in detail and in real time, CNIL contended that the manner in which Amazon scrutinised its staff disproportionately affected the rights of the company’s employees working in its warehouses.
The regulator was particularly concerned with employee surveillance practices that it deemed to be at odds with workers’ rights in relation to health and safety, as well as regarding the protection of their personal and private lives.
Among the examples of such monitoring by Amazon management was the recording of data captured by employees’ handheld scanners, which tracked their activity to such a precise degree that it led to workers potentially having to justify each break that they took during the working day.
CNIL found that such monitoring was highly intrusive and would therefore be likely to have a negative impact on staff morale in the workplace. Weighing up the interests of the employer against the interests of its employees led the regulator to deem that such data processing had no legal basis and was therefore in contravention of GDPR law.
While CNIL’s ruling did not come as a great surprise, the size of the fine imposed raised eyebrows throughout the business world. By imposing a such a large fine, CNIL signalled to Amazon and its peers that it has no qualms taking a robust stance against the abuse of workers’ rights.
The rise in remote working means employers have the excuse to look over employees’ shoulders
Whether the hefty fine represents a warning shot to force other employers to fall in line, or whether it is instead the opening shot of a wider campaign against Amazon and other companies that could spill over into other jurisdictions, remains to be seen. In any event, CNIL’s decisive enforcement of data protection laws is a significant milestone in the effort to protect workers’ rights, especially since recent advancements in monitoring technology and the rise in remote working have led to employers now having both the ability and the excuse to look over employees’ shoulders.
CNIL’s rationale for finding against Amazon, and imposing such a punitive fine, appears to corroborate the stance of its British counterpart, the Information Commissioner’s Office (ICO). The ICO’s October 2023 monitoring guidance acknowledged that while employers may have legitimate reasons to monitor their workers, such as ensuring quality, security, or compliance, consideration must also be given to the fact that such monitoring can have severe impacts on dignity, trust, and morale.
While there is undoubtedly a benefit to companies from the rapid technological advancement in recent years which has created opportunities for employees to track productivity and compliance, the growing conflict between employee monitoring and data protection offers plenty of space for company management to break GDPR rules.
CNIL’s withering report on Amazon’s employee surveillance in its French warehouses laid bare dubious practices similar to the company’s system for monitoring workers at its facilities in the UK, which was already known to Westminster MP’s. A parliamentary select committee heard in 2022 that employees could be fired if that had three productivity flags on the company’s systems.
The Business, Energy and Industrial Strategy Committee later stated that it had written to Amazon to outline its concern that the technology would put “undue stress on its workforce” as a result of its use. Fairly balancing the benefits to companies from detailed monitoring of its workforce and the costs to employees of being so stringently surveilled is, according to regulators in multiple jurisdictions, a critical part of decision-making when deciding how intrusive such scrutiny should be.
All companies must consider whether it is legally sound and justifiable to be monitoring staff. Businesses cannot throw forward a mixed number of reasons, some operational and some employee-related, to try to show overall justification for their actions.
When monitoring becomes excessive
Unreasonable monitoring of employees also leads to a whole host of issues beyond GDPR. Whole-workplace monitoring could certainly bolster trade unions and spur on industrial action. Global supply chains have already been disrupted by geopolitical factors and in this context, employers would be wise to avoid inviting further disruption.
Individuals could also claim that excessive monitoring breaches the implied duty of trust or the duty to provide a safe working environment that employers must allow their employees, allowing them to allege a breach of contract, opening the door to serious Employee Relations issues.
Before introducing any new monitoring systems, employers must give due consideration to workers’ rights if they wish to avoid breaking both employment and data protection laws. Any such measures must be entirely proportional, transparency, and justified by a coherent rationale.
Crucially, risk assessment and review processes need to be in place, especially as employees become inevitably disillusioned as invasive monitoring becomes ever-more commonplace.