Austrian civil society organization launches complaint against Amazon for GDPR breach

NOYB, a civil society organization led by privacy activist Max Schrems, announced having filed a complaint against Amazon to the German data protection authority. The complaint argues that the emails sent via Amazon’s servers contain information such as users’ IP and email address, name, surname,  purchase  details as well as other metadata, and are not sufficiently protected by Amazon. This could result in a breach of Article 5 of the GPDR, according to which controllers and processors must ensure “appropriate security of the personal data, including protection against  unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures” (Article 5(1)(f) GDPR). According to Reuters, the complaint was submitted in Germany because the seller was located in the German state, but the data protection authority of Luxembourg is likely to investigate the matter too as Amazon has its European headquarters there.