Three ex-Amazon employees go public to raise awareness of serious privacy issues. In their opinion, the e-commerce giant does not want to comply with applicable regulations.

There are very serious allegations that three formerly high-ranking Amazon employees raise against Politico. All three were responsible for monitoring information security in different units, but too often could not get their way with their notices, warnings and complaints. In the end, the employees who had obviously become too critical were removed from the workforce.

The whistleblower’s allegations focus on that Amazon’s trading business. They expressly point out that Amazon Web Services, the manufacturer’s cloud business, are not affected by the allegations. Rather, the data security concepts used there are world leaders. In any case, the AWS business is largely conducted away from the main company with only a few contact points.

Amazon should not know which data is stored where and who has access to it

In its core area, however, there should be a real data chaos. Amazon does not even know which data is stored where. Amazon cannot guarantee the right to be forgotten, which is one of the central legal claims of the European General Data Protection Regulation (GDPR), because the company does not know what needs to be deleted where.

This ignorance about storage types and locations puts the data of millions of customers at risk, because a small gap in this way could have unexpected consequences. Anyone who does not know which data is stored where cannot use an effective protection strategy against the exploitation of this data.

There is also no control over which employees have access to which data. The whistleblowers claim to have found thousands of accounts of ex-employees who would still have system rights and would have had access to the Amazon data centers even after their employment relationships ended.

Management level should not have been interested in problems

Notes and Warnings were generally ignored or ignored by higher-level bodies. Sometimes the same problem had to be pointed out for years in order to eliminate it. Sometimes superiors simply ignored the reports.

The whistleblowers paint a picture of a management system that makes data security optional Considers luxury and is prepared to disregard existing internal rules at will. The managers are said to have shown great creativity and sometimes deliberately misclassified data in order to circumvent certain test processes.

EU whistleblower accuses Amazon of lacking GDPR compliance

One of the whistleblowers was in of the Luxembourg branch for compliance with the GDPR and also complains about stumbling blocks that were put in his way. Amazon only started to deal with the topic in April 2018, one month before the GDPR measures came into force. Prior to this, all attempts to prepare properly had been blocked.

This should not only be on the middle one Hierarchy levels have happened. Reports about risks and deficiencies that were addressed to Jeff Wilke, the CEO of Amazon and responsible for the global consumer business, are said to have remained without feedback.

Ultimately, the ex-employee claims to have gained the impression that the Amazon headquarters deliberately undermined the competencies of the Luxembourg branch and wanted the team to bleed to death. All three ex-employees state that they have been pushed out of the company. This was preceded by periods in which they would no longer have been informed about meetings, no longer received the necessary information and all in all would have been ignored. One of the ex-employees describes Amazon’s approach as the “systematic elimination” of people who wanted to formulate and address compliance problems.

Amazon rejects the allegations and implies that the employees have moved outside of their competencies and should therefore be contained. The allegations are false, at least inaccurate or out of date. On the contrary, Amazon has an excellent culture of data security, in which the protection of customer data has the highest priority.

Most Read