One of the drawbacks of the growing presence of electronic technology in the labor process is the ability of managers to conduct continuous surveillance of workers. Those who toil at computers have their keystrokes measured and evaluated, while others are monitored via handheld scanners or other devices.
U.S. corporations think they have every right to use these techniques in the pursuit of maximum output and higher profits. As Amazon.com has just learned, that may not be so easy when it comes to their European operations. The e-commerce giant was just fined the equivalent of $35 million for employing an “excessively intrusive” system of electronic monitoring of employee performance at its warehouses in France.
The French Data Protection Authority (CNIL) said it was illegal for Amazon to measure movements of workers to such an extent that they would have to justify every moment of inactivity. CNIL condemned Amazon not only for using what it called “continuous pressure” but also for retaining the monitoring data for too long.
CNIL’s case was based on the European law known as the General Data Protection Regulation (GDPR), which includes a principle largely unknown in the United States: data minimization. Americans are used to giving up vast amounts of personal information to corporations. In Europe, companies are supposed to restrain their data appetites.
That message has not gotten through to American firms operating in the EU, especially the tech giants. Meta Platforms, the parent of Facebook, has been fined more than $5 billion for GDPR penalties—far more than any other company. Alphabet Inc., parent of Google, has racked up over $900 million in fines. Even Amazon has previously run afoul of the law. In 2021 it was fined over $800 million for misusing the personal data of customers. An appeal is pending.
What is relatively unusual about the latest fine against Amazon is that it involves GDPR violations in the relationship between employers and workers, as opposed to companies and their customers. Employment-based cases are not unheard of. In fact, Amazon itself was fined over $2 million for improperly doing criminal background checks on freelance drivers.
What makes the new case even more remarkable is that it concerns not only personal information but also the labor process. The CNIL’s challenge to Amazon’s monitoring is a challenge to its ability to control what workers do every moment they are on the job.
By restricting intrusive employee monitoring, the GDPR is being used to shield workers from the worst forms of exploitation. And because excessive monitoring pressures workers to do their job in an unsafe manner, the law also protects against occupational injuries. In other words, it is challenging management domination of the workplace.
It remains to be seen whether the CNIL and the other agencies enforcing the GDPR in Europe go after other employers engaged in intensive monitoring or if they treat Amazon as an outlier requiring a unique form of enforcement. For now, at least, the CNIL has shown the possibility of using privacy regulation to enhance the liberty and well-being of workers.