Tuesday, May 28

Amazon Hit With Record EU Privacy Fine

The penalty of $887 million is a sign that the bloc’s privacy regulators are taking a more aggressive stance on enforcement

Amazon Inc. AMZN -6.91% has been fined 746 million euros, equivalent to $887 million, by a European Union privacy regulator for violations related to its advertising, by far the largest-ever fine under the EU’s data protection law.

The fine, which Amazon disclosed Friday in a securities filing, was issued two weeks ago by Luxembourg’s privacy regulator, the CNPD, and accompanied by an order to revise certain business practices that Amazon didn’t specify.

Amazon said the regulator’s decision was without merit and that it would appeal in court. “The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation,” the company said.

. The CNPD is Amazon’s lead privacy regulator in the bloc because Amazon has its EU headquarters in Luxembourg.

in early June it was reported that the CNPD had circulated a draft decision sanctioning Amazon’s privacy practices and proposing a fine of more than $425 million to the EU’s 26 other national data protection authorities.

In such cross-border privacy cases, decisions must effectively be agreed upon by other EU privacy regulators, a process that can lead to substantive changes, including a higher or lower fine. The Journal reported that Luxembourg had received at least one complaint from another EU privacy regulator that the fine should be higher.

The record fine is a sign that EU privacy regulators are taking a more aggressive stance on enforcement, some three years after the EU’s privacy law, the General Data Protection Regulation, went into effect.

So far, the largest fine under the GDPR was a €50 million fine against Google in 2019.

Luxembourg’s fine would represent roughly 4.2% of Amazon’s reported net income of $21.3 billion for 2020, and 0.2% of its $386 billion in sales. Under the GDPR, regulators can fine up to 4% of a company’s annual revenue.

Leave a Reply

Your email address will not be published. Required fields are marked *