Amazon receives a GDPR fine of 746 million euros

Amazon has been fined EUR 746 million by the Luxembourg privacy watchdog CNPD for breaches of the European privacy directive GDPR. Amazon does not agree with the fine decision.

Amazon has violated the GDPR with the processing of personal data, concludes the Luxembourg Commission Nationale pour la Protection des Données. The Luxembourg authority for the protection of personal data has imposed the fine of 746 million euros on July 16, according to documents published by Amazon. Amazon is also required to make certain undisclosed changes to end the GDPR breach. At the time of writing, there is nothing about the fine on the CNPD website itself. It is the highest fine imposed for GDPR violations to date.

According to Amazon, there is no ground for the fine decision and the company has informed Politico that it will appeal. The fine follows an investigation by the CNPD into Amazon’s conduct, following a complaint from the digital civil rights organization La Quadrature du Net. That organization submitted the complaints to the Luxembourg data protection authority in 2018. Amazon’s European headquarters is located in Luxembourg.

Logo of La Quadrature du Net

In May, La Quadrature du Net complained that nothing seemed to be happening with the submitted claims. Now the organization tells Bloomberg that it appears to be a first step towards an actual fine and the organization expresses the hope that it will also force Amazon to stop its infringing behavior.

In fact, 2018 involved complaints about the breach of the GDPR by what La Quadrature du Net de Gafam refers to as Google, Apple, Facebook, Amazon and Microsoft. Those complaints were also submitted on behalf of 12,000 European citizens. The fine is a lot higher than the WSJ previously named based on rumours.