Online retail giant, Amazon, has been hit with a €746 million fine. The fine was for violating the GDPR.
It was another headline grabbing fine brought by Europe’s General Data Protection Regulation (GDPR). The decision was rendered by the Luxembourg National Commission (CNPD). They found that Amazon violated GDPR rules on how personal information is processed.
Amazon says that it is not happy with the fine and will be challenging it. From ZDNet:
Alongside the fine, Amazon said the decision also imposes “corresponding practice revisions.”
In the SEC filing, Amazon said, “We believe the CNPD’s decision to be without merit and intend to defend ourselves vigorously in this matter.”
In a statement to ZDNet, Amazon said, “There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed. We strongly disagree with the CNPD’s ruling, and we intend to appeal.”
“The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation,” the company added.
Some question the size of the size of the fine. In 2020, Amazon reportedly made $386 billion or roughly €325.31 billion. So, a maximum fine would work out to about €13 billion (4% of annual turnover). The fine is, of course, far lower then that.
It is, however, worth noting that when we looked back at the 3 year anniversary of the GDPR, we also noted the largest fines ever handed out. At the time, the largest fine was €50 million which was handed down to Google. This fine is nearly 15 times that and easily represents the largest recorded fine to date that we are aware of. So, if anything, the fines are definitely growing in size. What’s more is the fact that Google no longer has the dubious distinction of being hit with the largest GDPR fine ever.
Indeed, by Amazon numbers, they effectively have to rummage through the couch to find that extra €746 million. At the same time, it does send a message that, regardless of the size of your company, you still have to comply or fines will be coming. As a result, we can conclude that this is a much louder warning shot to get this privacy business in gear. After all, the fines can go up much higher from here.
Drew Wilson on Twitter: @icecube85 and Facebook.
