0646 GMT September 26, 2021
The fine was issued two weeks ago by Luxembourg’s privacy regulator, according to CNBC.
The Luxembourg National Commission for Data Protection said Amazon’s processing of personal data did not comply with the EU’s General Data Protection Regulation (GDPR).
It has ordered Amazon to revise certain undisclosed business practices.
Amazon, which has its European headquarters in Luxembourg, denied that there had been any kind of breach that would violate the GDPR rules.
“Maintaining the security of our customers’ information and their trust are top priorities,” an Amazon spokesperson told CNBC.
“There has been no data breach, and no customer data has been exposed to any third party,” the spokesperson added.
“These facts are undisputed. We strongly disagree with the CNPD’s ruling, and we intend to appeal. The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation.”
CNPD’s investigation reportedly commenced in 2018 after French privacy rights group La Quadrature du Net filed a complaint against Amazon.
La Quadrature du Net did not immediately respond to comment but Bastien Le Querrec, a member of La Quadrature’s litigation team, cautiously welcomed the decision, according to Bloomberg.
“It’s a first step to see a fine that’s dissuasive, but we need to remain vigilant and see if the decision also includes an injunction to correct the infringing behavior,” he said.
Under the GDPR, data protection watchdogs in Europe have the ability to fine companies as much as 4% of their annual global sales.
While the Amazon fine is in the hundreds of millions, it’s relatively small in the grand scheme of things.
Amazon posted its third $100 billion quarter in a row on Thursday, with revenue growing by 27% year over year to $113.08 billion.