Amazon Italia Transport s.r.l. – €40,000 Fine (Italy, 2023)
Amazon Italia Transport was fined for placing cookies on users' devices before getting their consent. This ruling is crucial because it reinforces the need for businesses to ask for permission before tracking users online. Companies should review their cookie consent practices to avoid penalties.
What happened
Amazon Italia Transport was fined for using cookies without obtaining user consent first.
Who was affected
Website visitors who were tracked by Amazon's cookies without their consent.
What the authority found
The Italian DPA determined that Amazon violated GDPR by not securing consent before placing cookies on users' devices.
Why this matters
This case serves as a reminder that businesses must prioritize user consent for tracking technologies. Companies should ensure their cookie policies are compliant with privacy regulations.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
A data subject brought a complaint to the Italian DPA against Amazon Italia Transport s.r.l. (the controller). The complainant claimed that the controller, his former employer, did not provide a reply to his access request within the time limits laid down by Article 12(3) GDPR. Thus, on 26 January 2022, the DPA requested the controller to submit its observations on the matter. On 4 February 2022, the controller provided that because the complainant’s request was broad and generic, internal coordination between the various departments concerned was needed, which did not allow it to comply with the request within the time limits set by Article 12 GDPR. The personal data requested by the complainant and further information relating to the processing of the personal data were then provided by the controller. On the basis of the declarations made by the controller, the DPA notified it on 21 March 2022 of the initiation of the sanctioning procedure under [https://www.garanteprivacy.it/codice Article 166(5) of the Italian Privacy Code] in relation to the alleged breaches of Article 12(3) GDPR and Article 15 GDPR. In light of the information provided by the controller, the DPA noted that the controller responded to the complainant’s access request under Article 15 GDPR almost six months after the deadline set by the GDPR and only after the filing of the complaint and the opening of the enquiry by the DPA. The DPA also acknowledged that the controller declared to not have responded to the request in a timely manner due to the vastness and generality of the information requested by the complainant. Request that made it impossible for the controller to provide a more detailed response. However, referring to the [https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-012022-data-subject-rights-right-access_en EDPB Guidelines 01/2022], the DPA reiterated that a controller who processes a large amount of information relating to the data subject may ask the da
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Amazon Italia Transport s.r.l. in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
16 November 2023
Authority
Garante per la protezione dei dati personali
Fine Amount
€40,000
GDPRhub ID
gdprhub-7424About this data
Cite as: Cookie Fines. Amazon Italia Transport s.r.l. - Italy (2023). Retrieved from cookiefines.eu
Last updated: