Amazon Italia Transport s.r.l. – €40,000 Fine (Italy, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Amazon Italia Transport was fined €40,000 for taking too long to respond to a former employee's request for their personal data. The company delayed its response for almost six months. This case underlines the importance of timely communication with individuals regarding their data.
What happened
Amazon Italia Transport failed to respond to a former employee's data access request within the required timeframe.
Who was affected
A former employee who requested access to their personal data from Amazon Italia Transport.
What the authority found
The Italian Data Protection Authority found that Amazon did not comply with GDPR's time limits for responding to data requests.
Why this matters
This case stresses the need for companies to respond promptly to data requests. Delays can result in significant fines and damage to reputation.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
A data subject brought a complaint to the Italian DPA against Amazon Italia Transport s.r.l. (the controller). The complainant claimed that the controller, his former employer, did not provide a reply to his access request within the time limits laid down by Article 12(3) GDPR. Thus, on 26 January 2022, the DPA requested the controller to submit its observations on the matter. On 4 February 2022, the controller provided that because the complainant’s request was broad and generic, internal coordination between the various departments concerned was needed, which did not allow it to comply with the request within the time limits set by Article 12 GDPR. The personal data requested by the complainant and further information relating to the processing of the personal data were then provided by the controller. On the basis of the declarations made by the controller, the DPA notified it on 21 March 2022 of the initiation of the sanctioning procedure under [https://www.garanteprivacy.it/codice Article 166(5) of the Italian Privacy Code] in relation to the alleged breaches of Article 12(3) GDPR and Article 15 GDPR. In light of the information provided by the controller, the DPA noted that the controller responded to the complainant’s access request under Article 15 GDPR almost six months after the deadline set by the GDPR and only after the filing of the complaint and the opening of the enquiry by the DPA. The DPA also acknowledged that the controller declared to not have responded to the request in a timely manner due to the vastness and generality of the information requested by the complainant. Request that made it impossible for the controller to provide a more detailed response. However, referring to the [https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-012022-data-subject-rights-right-access_en EDPB Guidelines 01/2022], the DPA reiterated that a controller who processes a large amount of information relating to the data subject may ask the da
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Amazon Italia Transport s.r.l. in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
16 November 2023
Authority
Garante per la protezione dei dati personali
Fine Amount
€40,000
GDPRhub ID
gdprhub-7424About this data
Cite as: Cookie Fines. Amazon Italia Transport s.r.l. - Italy (2023). Retrieved from cookiefines.eu
Last updated: