Amazon Slapped With Record €746 Milllion Fine Over GDPR Violations

Luxembourg’s data protection authority (CNPD) fined Amazon €746 million for not complying with EU’s privacy rules.

According to a new report from Bloomberg, Amazon has been fined €746 million, equivalent to $1.1 billion CAD, for allegedly violating a European Union data-privacy law with targeted advertising. It’s the biggest monetary penalty imposed to date in connection with the EU’s three-year-old General Data Protection Regulation (GDPR).

According to the filing, the decision was taken on July 16, and the regulator ruled that “Amazon’s processing of personal data did not comply with the EU General Data Protection Regulation.”

“We believe the CNPD’s decision to be without merit and intend to defend ourselves vigorously in this matter,” the company said in the filing.

Asked about the ruling, an Amazon spokesperson said: “We strongly disagree with the CNPD’s ruling, and we intend to appeal. The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation.”

The penalty is the result of a 2018 complaint by French privacy rights group La Quadrature du Net, which filed numerous lawsuits against Big Tech companies on the behalf of 12,000 people shortly after the GDPR was established that year.

Among those was a case involving Google’s Android operating system that led to France’s CNIL regulator slapping the search giant with a $57 million USD fine in January 2019 — the biggest GDPR fine to date. The watchdog ruled that the company had violated the GDPR due to its failure to obtain legal consent for data collection related to its ad targeting practices.