Amazon Accused by Activist of Not Providing Basic Email Security

By Sarah Syed | February 19, 2020 Inc. doesn’t provide enough data security for sellers sending emails on its marketplace platform, according to a complaint filed by Noyb, a group created by Austrian privacy activist Max Schrems.

Emails are routed through Amazon servers that in some cases fail to provide so-called TLS encryption, which is a standard safety practice, according to the complaint, which was filed in the German state of Hesse on behalf of a seller on Amazon Marketplace.

This failure violates the European Union’s General Data Protection Regulation, which requires companies to implement appropriate security measures to protect the confidentiality of communications, the group said.

A spokesperson for Amazon didn’t immediately respond to a request for comment.

TLS, or Transport Layer Security, jumbles messages to prevent unauthorized senders or recipients from intercepting data while it’s in transit. It’s not completely fool-proof, but it’s typically inexpensive and easy to implement. Google’s’s Gmail and Apple Inc.’s iCloud Mail use it by default.

“TLS is like an envelope around a letter,” said Stefano Rossetti, a privacy lawyer at Noyb. “If not used, anyone can read the content of an email in transfer.”

Schrems’s group took on dating apps in a complaint last month with the Norwegian Consumer Council. Grindr — described as the world’s largest social networking app for gay, bi, trans, and queer people — gave user data to third parties involved in advertising and profiling, according to the report.

Grindr said at the time “while we reject a number of the report’s assumptions and conclusions, we welcome the opportunity to be a small part in a larger conversation about how we can collectively evolve the practices of mobile publishers and continue to provide users with access to an option of a free platform.”

GDPR came into force in 2018 and sets rules for what websites can do with user data. It mandates that companies must get unambiguous consent to collect information from visitors. The most serious violations can lead to fines of as much as 4% of a company’s global annual sales.

Was this article valuable?

Here are more articles you may enjoy.