amazon lawsuit privacy shield

German lawsuit accuses Amazon of breaking EU privacy law

The lawsuit takes issue with Amazon’s transatlantic data transfers

Amazon faces a lawsuit in Germany over claims it has continued to transfer data to the United States using an invalidated transfer mechanism known as Privacy Shield.

The move comes after the EU’s top court struck down Privacy Shield in July over fears of U.S. snooping, throwing billions of euros in transatlantic digital trade into a legal limbo.

According to the lawsuit, which is due to be filed in a Munich court on Friday, Amazon continues to use Privacy Shield as a legal basis to send data to the U.S. in violation of the July ruling.

“The [Court of Justice of the European Union] has made it clear that data transfers to the U.S. on the basis of the Privacy Shield are no longer permitted. If the world’s leading cloud company and largest e-commerce provider remains inactive for more than two months and ignores consumer rights, that is unacceptable,” said Johann Hermann, head of Europäische Gesellschaft für Datenschutz (EuGD), the group behind the legal complaint.

Other U.S. tech giants, including Google and Facebook, have dropped the use of the Privacy Shield since the ruling, switching instead to standard contractual clauses (SCCs) — another data transfer instrument.

But use of SCCs is also contentious, with Facebook currently in a court battle with the Irish data protection regulator over its use of the instrument.

EuGD’s lawsuit — which is on behalf of a German consumer — also takes issue with Amazon’s failure to tell the individual what data it holds on them and what it does with the information, in violation of EU rules.

The German group’s founder, Thomas Bindl, said that they had decided to take the legal route rather than file a complaint with a data protection regulator to speed up the process.

“Max Schrems’ experience showed us that it just takes too long with the regulator,” said Bindl, referring to Austrian campaigner Schrems’ battle with the Irish data protection commission over the slow pace of various complaints into Big Tech.

Bindl is not alone. With regulators faltering, privacy activists and consumer groups are increasingly turning to Europe’s court system for results. 

Original article: POLITICO

Share on facebook
Share on linkedin
Share on twitter
Share on pinterest
Share on print
Share on email

Latest Blog Posts

dpa gdpr

Data Protection Authorities (DPA)

Data Protection Authorities (DPA) Data Protection Authorities (DPA) are independent public authorities that supervise, through investigative and corrective powers, the application of the GDPR. They

Read More »

Zpracovává vaše společnost osobní údaje?

Zpracovávat vaše společnost osobní údaje fyzických osob, jako jsou:

  • Údaje zaměstnanců, zákazníků, uchazečů o zaměstnání nebo pacientů včetně:
    • Jméno nebo osobní identifikační číslo
    • Kontaktní údaje (e-mailová adresa, telefonní číslo, adresa)
    • Bankovní údaje, plat, údaje o pasu nebo jiné osobní údaje


Ar Jūsų įmonė renka ir tvarko fizinių asmenų asmens duomenis? 

Asmens duomenys gali būti:

  • Kliento, darbuotojo. paciento, kandidato į darbo vietą ir kt. 
    • Vardas ar asmens  numeris 
    • Kontaktinė informacija (el.pašto adresas, telefono numeris, adresas ir kt)
    • Banko sąskaitos  duomenys, atlyginimo dydis, paso duomenys ar bet kokia kita asmeninė informacija. 

Onko yrityksessäsi enemmän, kuin 250 työntekijää?

Kas teie ettevõte kogub ja töötleb isikuandmeid?

Kas teie ettevõte kogub ja töötleb füüsiliste isikutega seotud andmeid nagu näiteks:

Töötajate, klientide, tööle kandideerijate, patsientide:

  • Nimi, isikukood
  • E-posti aadress, telefoninumber, kodune aadress
  • Pangakontonumber, palgasumma, krediitkaardiandmed või mõnda muut tüüpi isiklikud andmed

Does your company collect any personal data?

Does your company collect and process any personal data of natural persons such as:

  • Employees, Customers, Job Applicants or Patients including:
    • Name or personal ID number
    • Contact details (Email address, Phone number, Address)
    • Bank details, Salary amounts, Passport details or any other personal data