The European privacy regulator has fined Amazon with the largest EU privacy fine ($887 Million USD) to date. Luxembourg’s data protection commission, the Commission Nationale pour la Protection des Données or CNPD, issued a ruling on July 16 the company disclosed in a securities filing.
This is the largest penalty under the current EU privacy law, according to The Washington Post. The $887M fine against eCommerce giant Amazon was for violations of the EU privacy law.
In a statement to the Washington Post, Amazon denies that the decision is related to any data breach and that “no customer data has been exposed to any third party.”
The CNPD is the lead privacy regulator for Amazon in the EU because its European headquarters are located in Luxembourg City.
Amazon’s Alleged Violations
The original case relates to alleged violations of Europe’s General Data Protection Regulation, or GDPR, which is the EU’s comprehensive suite of privacy and data protection laws implemented in 2018. The alleged violations are linked to Amazon’s collection and use of personal data as per the Wall Street Journal’s source. It is not related to the tech giant’s cloud-computing business, Amazon Web Services. The source declined to elaborate on the specific allegations against Amazon.
Response to the EU Privacy Proposed Fine
Per a statement to BBC News, Amazon plans to “defend itself vigorously” as they believe the fine is “without merit”.
The GDPR has caused many companies to review their own privacy and data policies. It has specifically led to changes in how companies use their customers’ personal data. Amazon has previously stood on its commitment to keep the privacy of its customers a priority, noting that it complies with the law in countries where it operates. The CNPD isn’t allowed to comment on individual cases at this time per their spokesman.
When Will Amazon See the GDPR Fine Enforced
The GDPR states that a company or organization can receive a maximum fine of 4% of their global sales for severe regulatory infringements. The current fine is equal to slightly more than 0.23% of Amazon’s $386.1 billion in annual revenue in 2020. However, Amazon is planning on appealing the $887m fine and such cases can run for years due to appeals.
Other companies that have received GDPR fines
- Twitter was fined $548,400 (€450,000) over an issue with its Android app that caused some private tweets to become public.
- Google received a fine of $57 million related to the company failing to make its consumer data processing statements easily accessible to its users.
- LocateFamily.com received a fine of $635,565 (€ 525,000) related to its failure to adhere to the General Data Protection Regulation (GDPR).
This article was previously published on 6/13/2021 and updated on 8/2/2021 in regards to the updated fine amount.
