EU Fines Amazon Record £637m Over Alleged Data Violation

The European Union data has  fined Amazon 746 million euros (£637m), or approximately $886.6m, in what is by far the largest penalty to date under EU data protection laws.

The fine was issued by Luxembourg’s National Commission for Data Protection, or CNPD, which alleged Amazon’s processing of personal data broke the EU’s GDPR data protection rules, which are also implemented in UK law.

The fine was levied on 16 July and Amazon disclosed it in a Securities and Exchange Commission (SEC) filing on Friday.

The company said it believes the penalty is “without merit” and plans to defend itself “vigorously” in court.

Customer data

Amazon emphasised that the alleged violation is not related to a data breach but didn’t give details of the EU’s allegations.

The company did say that the CNPD had taken issue with the way it uses customers’ data for advertising purposes.

The GDPR requires companies to obtain users’ informed consent before making use of their personal data, and authorises steep fines for violations.

However, the largest fine to date under the 2018 law was a 50m euro fine imposed on Google in 2019.

British Airways, H&M and Marriot Hotels have also faced large fines under the GDPR, but all were in the tens, rather than hundreds of millions, indicating the EU considers Amazon’s breach to be a significant one.

‘Without merit’

“We believe the CNPD’s decision to be without merit and intend to defend ourselves vigorously in this matter,” Amazon said in a statement.

In early June the CNPD reportedly circulated a draft of its sanction of Amazon’s privacy practices to the EU’s 26 other data-protection authorities, proposing a fine of more than $425m.

At least one of the other regulators are reported to have pushed for a higher fine.

National authorities are meant to take into account the gravity, duration and character of the infringement when deciding on a penalty.

Amazon acknowledged the decision was related to its use of data to personalise advertising, and argued the fine was “out of proportion” and was based on “subjective and untested” interpretations of the GDPR.

“The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation,” Amazon said.

Antitrust action

Regulators around the world have faced increasing pressure to act against large technology multinationals in recent years, which have been accused of exercising “monopoly power”, of abusing their control over users’ data and of failing to rein in misinformation and illegal online content.

Previous EU concerns have revolved around Amazon’s use of commercial data relating to the third-party sellers that make use of its platform.

In November, for instance, the European Commission charged Amazon with abusing its dominant position in online retail to gain an unfair competitive advantage.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago