Amazon have come under fire for “violation of consumers’ rights” as they failed to fully comply with the General Data Protection Regulation (GDPR).
The EU non-profit privacy group, noyb found that the marketplace failed to supply additional information to which consumers are entitled to under the EU law. It said that the data provided by Amazon were in “cryptic formats that made it extremely hard or even impossible for an average user to understand the information…with certain types of raw data were also missing.”
The GDPR requires customers data to be both machine-readable and easily understood by those requesting the information. The right to access data is the cornerstone of the data protection framework. It grants consumers the right to get a copy of their data and to receive additional information. Only when a customer can get an idea of how and why their data is stored, they can realistically uncover violations of the GDPR and consequently take action.
The article 80 of the GDPR also foresees that data subjects can be represented by a non-profit association, as individual users are usually unable to file the relevant legal complaints.
To test how Amazon carries out their GDPR duties noyb’s investigators’ requested a copy of their own data from Amazon and discovered that the marketplace didn’t fully comply.
“Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to. In most cases, users only got the raw data, but, for example, no information about who this data was shared with. This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information. In 1995 the EU already passed data protection laws, but they were simply ignored by the big players. We now have to make sure this does not happen again with GDPR – so far many companies only seem to be superficially compliant.”
-Max Schrems, director of noyb
This means the marketplace could potentially be facing a GDPR penalty breach of up to €20m (£17.7m) or 4% of the business’s global turnover.
This news mark Amazon’s second data-breach scandal as they were blamed for accessing customer’s videos via Ring, security cameras.