Amazon has been slammed with the EU’s highest fine to date after being fined €746 million ($888 million) for breaking the EU’s General Data Protection Regulation (GDPR).
The ecommerce titan was penalized earlier this month by Luxembourg’s National Commission for Data Protection (CNPD) for allegedly processing personal data in a manner that violated GDPR.
In a 10-Q statement recently filed with the Securities and Exchange Commission, Amazon stated that the CNPD’s ruling is “without merit.” In a statement, the business added more information to the matter, saying:
“There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed. We strongly disagree with the CNPD’s ruling, and we intend to appeal. The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation.”
The CNPD of Luxembourg has imposed a fine on Amazon since its European headquarters are based in the small European country.
The CNPD has not publicly commented on the decision since local regulations prohibit it from commenting on specific cases or even confirming receipt of a complaint.
Due to the quantity of data it collects on its consumers, the US-based firm has been under growing criticism in recent years. Amazon, on the other hand, has defended its data collection techniques, claiming that they enable it to provide a better and more tailored consumer experience.
“Maintaining the security of our customers’ information and their trust are top priorities,” an Amazon spokesperson said in an interview.
“There has been no data breach, and no customer data has been exposed to any third party,” they continued.
“These facts are undisputed. We strongly disagree with the CNPD’s ruling, and we intend to appeal. The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation.”
Amazon must also agree to change its business methods, according to the CNPD. However, the regulator has not made its conclusion public, and Amazon has not specified what changes to its business practices it is proposing.
The record penalty, which surpasses Google’s €50 million GDPR penalty in 2019, comes amid increased scrutiny of Amazon’s European operations. The European Commission filed formal antitrust accusations against the retailer in November of last year, alleging that it had abused its position to compete against third-party firms utilizing its platform.
Simultaneously, the commission launched a second inquiry into its alleged preferential treatment of its own products over those of its partners on its website.
Amazon isn’t the only big firm to get a hefty fine for breaking GDPR. In January of this year, France’s privacy regulator CNIL penalized Google €50 million ($57 million) for violating GDPR.
We’ll have to wait and watch how Amazon’s appeal goes to determine if the firm will have to pay the CNPD’s $888 million fine.