Do you remember Max Schrems? Let’s refresh your memory: he became known for campaigning against Facebook’s privacy violations, including the company’s violation of EU privacy laws.
Now that we’ve cleared up who Mr Schrems is: we discovered that Noyb, the non-profit group he leads, has filed a complaint against Amazon. The complaint concerns Amazon’s lack of basic email security for sellers sending emails on the company’s marketplace platform.
Amazon Marketplace servers reject #TLS connections for emails. It seems many emails are sent without any encryption (like an “open letter”). We (@noybeu) have sent a complaint under Article 32 #GDPR… 😉 https://t.co/2AHbo91vxF pic.twitter.com/JzlUXDNhez
— Max Schrems 🇪🇺🇦🇹 (@maxschrems) February 19, 2020
According to the complaint, which was filed in the German state of Hesse on behalf of a seller on Amazon Marketplace, emails are routed through Amazon servers that in some cases fail to provide so-called TLS encryption. This failure violates Article 32 of the EU’s GDPR, which requires companies to implement appropriate security measures in order to protect the confidentiality of communications.
Noyb’s privacy lawyer Stefano Rossetti said: “TLS is like an envelope around a letter. If not used, anyone can read the content of an email in transfer.” Because the Amazon servers reject TLS connections in certain cases, millions of emails sent via Amazon may be exposed every day.
The Hesse data protection authority (DPA) will have to investigate the matter and verify whether or not Amazon’s systems appropriately protect users’ privacy. It’s likely that this case will also be handled by the Luxembourg Data Protection Authority, since Amazon has its European headquarters in Luxembourg. In such a case the DPAs can fine Amazon up to 2% of its global turnover, which would be up to € 4 billion.