Luxembourg’s data watchdog CNPD has handed the largest ever privacy fine in the European Union to Amazon. The e-commerce giant has been fined €746 million (approximately $888 million) for violating the bloc’s strict data privacy laws, known as GDPR.
The company said that it plans to appeal the decision. Amazon has its EU headquarters in Luxembourg, tasking the local data regulator with overseeing its compliance.
The fine was levied on 16th July and was disclosed by Amazon in an SEC filing on Friday. In the filing, the company slammed the decision as baseless and added that it intended to defend itself “vigorously in this matter.” In a statement to Bloomberg, Amazon said: “There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed. We strongly disagree with the CNPD’s ruling.”
The penalty is the result of a 2018 complaint by French privacy rights group La Quadrature du Net, which filed numerous lawsuits against Big Tech companies on the behalf of 12,000 people shortly after the GDPR was established.
Google has also been fined as a result of lawsuits filed by La Quadrature du Net. In January 2019, France’s CNIL regulator slapped the search giant with a $57 million fine — the biggest GDPR fine to date. The watchdog ruled that the company had violated the GDPR due to its failure to obtain legal consent for data collection related to its ad targeting practices.
Amazon’s record penalty comes at a time when Amazon’s business is under heavy scrutiny in Europe. There’s also an on-going antitrust investigation in the EU regarding the company’s usage of data. In November last year, officials reached a preliminary decision that Amazon had breached competition rules by using third-party seller data to boost its own products. They also launched a second investigation into its alleged preferential treatment of its own products.
Under the EU’s privacy law, violations can carry penalties of up to €20 million or 4 percent of a company’s global revenue, whichever is higher.