I don’t understand how this problem of “human error” happened at a company like Amazon/AWS. Perhaps requests for Alexa info are rare enough that the internal interface for servicing such requests isn’t fully automated. But I’d be shocked if the process involved someone (low-level data entry person, or engineer) manually typing in a customer ID number.
There is obviously more to this story than Amazon is telling. https://www.heise.de/downloads/18/2/5/6/5/3/9/6/ct.0119.016-... says that this was a "one-time error" and that "Amazon also claimed that they had discovered the error themselves". It is highly unlikely that either of these are true. The one time they made this error just happens to involve someone who is savvy enough to contact the right journalists to investigate it? And Amazon coincidently discovered the error themselves after being contacted by c't? Amazon is flat out lying.
If there is ever a case for the max GDPR fine to be imposed, this is it.
I wouldn't be shocked at all. Internal tools are never as streamlined as you would think. On top of that, the tools for doing this are probably not that mature given that GDPR hasn't been around that long, nor do a majority of users take advantage of it.
