The national commission for data protection, CNPD, has imposed a record fine of €746 million on Amazon for violations of EU privacy rule. This is double the amount proposed in the June draft and contested by the American giant, which reported record quarterly results this week.
It’s been more than three years, dating back to 28 May 2018 when the General Data Protection Regulation (GDPR) came into force, since various privacy stakeholders accused Amazon of illegally collecting and using itscustomerts’ data and took the matter to the relevant authorities.
At the beginning of June, the Wall Street reported a draft fine of €350 million. According to information revealed by Bloomberg, the fine eventually amounted to €746 million, the highest fine ever imposed on a technology giant in Europe.
As Amazon has its European headquarters in Luxembourg, the national data protection watchdog CNPD was given the mandate to handle the case, as required by the GDPR.
In an initial statement, Amazon has said it will appeal. “Protecting our customers’ information and their trust is a top priority for Amazon,” an Amazon spokesperson commented in a statement. “There has been no data leakage, and no customer data has been exposed to any third party. These facts are undisputed. We strongly disagree with the CNPD’s decision and intend to appeal it. The decision, relating to the way we present relevant advertisements to customers, is based on subjective and untested interpretations of EU data protection regulations. The proposed fine is totally disproportionate, including under this interpretation.”
Amazon says it has cooperated at all stages of the investigation. Indeed, the time taken by the investigation was criticsed in Luxembourg, and the CNPD was suspected of dragging its feet to avoid having to punish the company. In addition, the investigation was complex and consisted in part in scrutinising exchanges between the company and the Luxembourg authorities, which can be rather time consuming.