Amazon’s warehouse management arm in France was assessed a penalty of 32 million euros (U.S. $35 million) for violating the General Data Protection Regulation (GDPR) by excessively tracking the productivity of employees.

The fine, levied in December and announced Tuesday by the French data protection authority, CNIL, in a press release, was imposed against Amazon France Logistique for multiple alleged breaches of the GDPR related to data minimalization and lawful video surveillance processing.

Amazon said in a statement it “strongly disagreed” with the CNIL’s findings and reserved the right to appeal.

The details: Responding to media coverage and complaints from employees, the CNIL said it carried out multiple investigations at Amazon’s French warehouses. It took issue with elements of the shipping giant’s practice of having employees document performance via scanner, including:

  • The system potentially requiring employees to justify every break or interruption;
  • Its excessive nature for measuring productivity; and
  • Amazon’s excessive storage of the data it captured.

“The CNIL did not question the fact that the very heavy constraints weighing on Amazon’s business, and the high performance targets that the company has set itself, can justify the scanner system put in place to manage its business,” the regulator said. “However, it considered that the retention of all this data and the resulting statistical indicators were disproportionate overall.”

The CNIL added, “The processing of employee data using scanners was different from traditional activity monitoring methods due to the scale on which they were implemented, both by their exhaustiveness and their permanence.”

Compliance considerations: The CNIL alleged violations of Articles 5, 6, 12, 13, and 32 of the GDPR.

It said Amazon did not need to rely on productivity data from employees tracked over a month instead of analyzing real-time or weekly results. It also accused the company of not properly informing temporary employees regarding their being tracked.

The regulator added access to Amazon’s video surveillance software was “not sufficiently secure.”

Company response: In its statement, Amazon defended certain of its practices the CNIL questioned.

“While we are confident our business model and practices comply with European and French applicable regulations, we have worked constructively with the CNIL throughout the procedure to address the questions they raised,” it said.