C024 Amazon (Luxemburg)

Data Security
Case project
Filing DPA
Controller
Amazon (Luxemburg)
Case status
Pending (4 years and more)
Filed: (4 years 10 months ago)

noyb submitted a complaint to the supervisory authority of the state of Hessia in Germany on behalf of an Amazon seller, as the GDPR requires companies to implement “appropriate” security measures, such as encryption, to protect the confidentiality of communications. As TLS encryption is very cheap and simple to implement and the number of sellers and customers on Amazon is very high, it seems inappropriate to neither require not allow TLS for emails. Surprisingly, the Amazon servers reject TLS connections in certain cases, for example when third party sellers on Amazon communicate with customers vie email. This means that millions of emails that are sent via Amazon may be exposed.

Protocol
Data Summary
18.05.2022
Email to Bayern DPA
18.05.2022
Information that SA will call LU SA to move the procedure forward.
12.05.2022
Asking for update
12.08.2020
update request with the Bayern DPA
12.05.2020
Bayern DPA informs that Lux DPA is the LSA
11.05.2020
DSB confirms Bayern DPA is the German LSA
19.02.2020
Complaint filed