Luxembourg slaps record €750 million fine on Amazon
Luxembourg's data-protection watchdog slapped Amazon with the EU's largest fine for violating online consumer protections, the technology giant said on Friday, more than twice the amount initially reported.
The National Commission for Data Protection in Luxembourg, where the company's European headquarters is based, hit the company with a record €746 million fine after deciding "that Amazon’s processing of personal data did not comply with the EU General Data Protection Regulation", or GDPR, the company said in a regulatory filing in its home US market
Amazon said the ruling it received on 16 July lacked merit and would be appealed. "The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation,” the online retail giant said in a statement.
The Luxembourg regulator confirmed on Friday that it took some action involving Amazon two weeks ago, but would not confirm that the company was fined or that the total was €746 million.
The authority is bound by Luxembourg law to professional secrecy that prevents it from commenting on individual cases, commission President Tine Larsen told Luxembourg Times in an email. The commission is the lead regulator for corporations such as Amazon which have their European headquarters in the tiny Grand Duchy.
The fine would far outstrip the previous largest penalty of €50 million from France's watchdog against Google and would be more than double the €349 million proposed fine that the Luxembourg agency was considering as late as last month, according to the Wall Street Journal.
The draft decision by the Luxembourg regulator needed to be agreed by the EU’s other national regulators, which could result in any penalty being reduced or increased. The Journal last month reported there had been a number of objections to the draft penalty at that time already.
The GDPR legislation empowers national data regulators to levy penalties of as much as 4% of a company’s annual revenue.
The fine for alleged breaches under the EU's three-year-old GDPR are tied to Amazon’s collection and use of personal data, the Journal reported previously.
“Maintaining the security of our customers’ information and their trust are top priorities. There has been no data breach, and no customer data has been exposed to any third party," Amazon said on Friday.
Prior to this year, the CNPD was one of the few national watchdogs which had not imposed any fines relating to breaches of GDPR. It issued details of its first fines on its website in early June. None of the six companies assessed penalties between €1,000 and €18,000 were named, but the commission said most of the cases related to breaches of video surveillance and geolocation practices.