Amazon Italia Logistica s.r.l. – Violation Found (Italy, 2026)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Amazon Italia was investigated for how it handled employee data in its warehouses. This is significant because it raises concerns about employee privacy and how companies manage personal information. Companies need to be careful about how they collect and store employee data.
What happened
Amazon Italia was investigated for using a platform that tracked employee absences and allowed managers to add personal comments about employees.
Who was affected
Employees working in Amazon's warehouses were affected by this data handling.
What the authority found
The Garante found that Amazon's practices raised serious privacy concerns but did not classify specific violations.
Why this matters
This investigation highlights the need for companies to be transparent and careful with employee data. Businesses should review their data practices to protect employee privacy.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The DPA began an ex-officio investigation against Amazon Italia Logistica s.r.l. (the controller), following media reports on the way the controller was processing employees’ (the data subjects) personal data in warehouses managed by the controller. The DPA investigated the use of a platform that notified managers on the need to interview data subjects in specific situations (e.g. after a data subject returns from a leave of absence) or based on the score in an algorithm that takes into consideration the number and duration of data subjects’ absences. The DPA found that the platform also allowed managers to add comments in the free text fields of the data subjects’ individual records. This was used by managers to add detailed information related to data subjects, such as their medical conditions, involvement in trade unions, information on their families’ personal life, and concerns relating to personal relationships between data subjects. The controller retained this data for the entire duration of the employment relationship, and for up to ten years after its termination. Finally, the DPA found that this data is shared between teams, and that personnel of several roles had broad access to this data. The DPA also investigated the video surveillance cameras placed in areas reserved for employees, especially bathrooms and break areas. The DPA found that the cameras were positioned in a way that allowed the controller to identify individuals accessing the bathrooms and break area, even if a privacy masking function was activated. The controller argued that the purpose was to protect common areas. The DPA found that the controller had unlawfully processed data subjects’ personal data. First, the controller processed data subjects’ personal data in its platform that was not relevant for the purposes of assessing their professional aptitudeIn this regard, the DPA referenced Article 8 of the so-called "Workers' statute" (l. 300/1970). Among other things, the law regul
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (1)
Other enforcement actions involving Amazon Italia Logistica s.r.l. in IT
Details
Decision Date
24 February 2026
Authority
Garante per la protezione dei dati personali
GDPRhub ID
gdprhub-9882About this data
Cite as: Cookie Fines. Amazon Italia Logistica s.r.l. - Italy (2026). Retrieved from cookiefines.eu
Last updated: