C024 Amazon (Luxemburg)

Data Security

Case project

Data Security

Filing DPA

BayLDA (Bavaria)

Controller

Amazon (Luxemburg)

Case status

Pending (4 years and more)
Filed: (4 years ago)

noyb submitted a complaint to the supervisory authority of the state of Hessia in Germany on behalf of an Amazon seller, as the GDPR requires companies to implement “appropriate” security measures, such as encryption, to protect the confidentiality of communications. As TLS encryption is very cheap and simple to implement and the number of sellers and customers on Amazon is very high, it seems inappropriate to neither require not allow TLS for emails. Surprisingly, the Amazon servers reject TLS connections in certain cases, for example when third party sellers on Amazon communicate with customers vie email. This means that millions of emails that are sent via Amazon may be exposed.

Protocol

Date Summary
18.05.2022
Email to Bayern DPA
18.05.2022
Information that SA will call LU SA to move the procedure forward.
12.05.2022
Asking for update
12.08.2020
update request with the Bayern DPA
12.05.2020
Bayern DPA informs that Lux DPA is the LSA
11.05.2020
DSB confirms Bayern DPA is the German LSA
19.02.2020
Complaint filed