Why is this important: The previous record holder for the highest fine received for GDPR violation was Google, which was fined € 50 million. However, Amazon was recently fined an exorbitant € 746 million, signaling that breaching privacy rules in the EU becomes much more expensive over time.
Amazon appears to be doing relatively well under his new leadership, but the company’s growth is slowing and the shortcuts taken to reach its gargantuan size are biting again. The retail giant was fined 746 million euros ($ 885 million) after Luxembourg’s National Data Protection Commission (CNPD) discovered the company had broken the rules of the GDPR when processing personal data.
The Wall Street Journal spotted the fine in a security file, where the company revealed it was issued two weeks ago after the CNPD concluded an investigation into Amazon’s advertising practices.
Amazon noted in the file that the CNPD had asked it to review its advertising practices, but the company did not reveal any details of the proposed changes. Either way, Amazon is not happy with the fine and believes that “the decision on how we show customers relevant advertisements is based on subjective and untested interpretations of EU privacy law. “. The company plans to appeal the decision to court and claims the proposed fine is “grossly disproportionate”. GDPR rules allow a penalty of $ 20 million or 4% of a company’s annual worldwide revenue, whichever is greater. In June, the Wall Street Journal saw a CNPD draft in which the fine was set at $ 425 million, but that amount more than doubled after other EU privacy regulators spoke out On the question.
Last year, the European Commission revealed the results of a separate investigation into how Amazon promotes its own products in the region. Specifically, EU commissioners found that Amazon was using data from third-party sellers in its marketplace to bolster its own products.
Depending on the outcome of this investigation, Amazon could be fined up to $ 28 billion.
GDPR enforcement appears to be taking a turn after privacy advocates have repeatedly criticized the European Commission for acting too slowly and enforcing small fines that do little to deter companies with deep pockets. For a company like Amazon, $ 885 million is still pocket money, but it’s more than an order of magnitude higher than the $ 57 million Google had to pay for breaking GDPR rules.