Case project
Filing DPA
Controller
Amazon (Luxemburg)
Case status
Pending (4 years and more)
Filed:
(4 years 2 months ago)
noyb submitted a complaint to the supervisory authority of the state of Hessia in Germany on behalf of an Amazon seller, as the GDPR requires companies to implement “appropriate” security measures, such as encryption, to protect the confidentiality of communications. As TLS encryption is very cheap and simple to implement and the number of sellers and customers on Amazon is very high, it seems inappropriate to neither require not allow TLS for emails. Surprisingly, the Amazon servers reject TLS connections in certain cases, for example when third party sellers on Amazon communicate with customers vie email. This means that millions of emails that are sent via Amazon may be exposed.
Protocol
| Date | Summary |
|---|---|
| 18.05.2022 | Email to Bayern DPA |
| 18.05.2022 | Information that SA will call LU SA to move the procedure forward. |
| 12.05.2022 | Asking for update |
| 12.08.2020 | update request with the Bayern DPA |
| 12.05.2020 | Bayern DPA informs that Lux DPA is the LSA |
| 11.05.2020 | DSB confirms Bayern DPA is the German LSA |
| 19.02.2020 | Complaint filed |