Amazon Hit With Huge GDPR Fine

It is not rare for Amazon to be a hot topic of conversation, but this summer they’ve made headlines for a new reason. On July 16, 2021, Amazon Europe Core got hit with a colossal $887 million GDPR fine, the largest in history. 

This fine came from the Luxembourg National Commission for Data Protection, also known as the CNPD. The investigation and eventual fine follows a claim that Amazon’s processing of users’ personal data failed to comply with the EU’s rigorous General Data Protection Regulation (GDPR) law requirements. The issued fine amounted to €746 million, or $887 million. 

In an SEC filing on July 30, 2021, Amazon released a statement on the CNPD’s decision to fine the company, asserting that the CNPD’s decision came “without merit.” The multinational company says it will defend itself “vigorously in this matter.”

The Investigation

The decision to fine Amazon comes after a three-year-long investigation into their operations by the CNPD. This investigation stemmed from a complaint that was brought by a French privacy advocacy group, La Quadrature du Net (LQDN). LQDN’s complaint in 2018 aimed at Amazon’s use of non-consenting targeted ad systems. LQDN raised these privacy concerns on behalf of over 10,000 people. The privacy group made the case that the ad systems that Amazon uses are in direct violation of the GDPR. The fine placed against Amazon this year shows that the CNPD agrees. 

The $887 million fine issued to Amazon is a record-breaking amount, smashing the previous record of a $59 million fine issued against Google. 

Amazon's Response

Amazon gave a response to Bloomberg regarding the company’s plans to appeal the fine. They stated: “There has been no data breach, and no customer data has been exposed to any third party.” Then continued by saying, “These facts are undisputed. We strongly disagree with the CNPD’s ruling.”

Although Amazon may feel this way, the GDPR guidelines remain absolute. The CNPD seems to be going after Amazon for the way the company has been collecting and utilizing user data in the company’s targeted ad systems. For this reason, Amazon may be forced to change certain business practices that surround private data collection and targeted advertising systems. 

After receiving the news that his organization had been successful in its levied complaint against Amazon, LQDN’s Bastien Le Querrec stated: “It’s a first step to see a fine that’s dissuasive, but we need to remain vigilant and see if the decision also includes an injunction to correct the infringing behavior.”

Impact on Amazon

For companies operating within the European Union (EU), the GDPR has become a force to be reckoned with in monitoring their use of individual’s data. Since coming into effect, the GDPR has issued fines of up to 4% of a company’s worldwide annual revenue when necessary. These higher-tier fines are reserved for cases where there are infringements on consent and rights to data privacy. The GDPR is made up of some of the strictest privacy measures in the world. As Amazon’s targeted ad systems have been found to forego user consent, this could be the beginning of further issues that Amazon may face.

Despite this hefty and record-breaking fine, for Amazon, the amount remains trivial. The titan of a company has recently reported its third-quarter in a row where net sales exceeded $100 billion. There has been a 27% increase in net sales over the last year, resulting in $113.1 billion in the second quarter of 2021. It remains to be seen how this latest fine, and potential future privacy law fines, will affect the company.

Want to learn all there is to know about the how to comply with the EU's GDPR and access other important data privacy resources? Accountable HQ has everything you need to keep up to date and in the know.