Amazon Receives Record $887 Million Data Privacy Fine Under GDPR: Data Privacy Trends

Now, we’re talking some serious money!  For most of us, anyway.  According to CNN Business, Amazon faces a record-breaking €746 million (roughly $887 million) data privacy fine after a European Union data privacy regulator said the e-commerce giant had violated the General Data Protection Regulation (GDPR).

According to the article (Amazon hit by record $887 million EU privacy fine, written by Brian Fung), the fine was imposed on July 16 and disclosed Friday in a financial filing. It is the largest in the law’s three-year history, followed by Google’s 2019 fine of €50 million.  Both companies also received fines late last year – Google for $120 million and Amazon for $42 million – by the Commission nationale de l’informatique et des libertés (CNIL) for tracking cookies on the French versions of their sites.

Regulators said Amazon’s processing of personal data didn’t comply with GDPR requirements, and the company acknowledged it has been ordered to change its business practices.

Amazon said the regulatory decision was “without merit” and added that it plans to “defend ourselves vigorously in this matter.”

“The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation,” the company said.

The data privacy fine for the alleged violation was imposed by data regulators in Luxembourg, where Amazon has its European headquarters. A spokesperson for the Luxembourg data authority, CNPD, declined to comment, citing the ongoing nature of the legal proceeding.

But, in a further statement to CNN Business, Amazon said customer information had not been leaked or exposed.

“Maintaining the security of our customers’ information and their trust are top priorities,” the statement said. “There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed.”

Under GDPR, violations can carry a data privacy fine of up to €20 million or 4% of a company’s global revenue, whichever is higher.  So, while an $887 million dollar penalty for Amazon is a large amount, it could have been much worse.  Last year’s record annual revenue for the company was $386 billion(!), which was a yearly increase of over $100 billion, so 4% of that would be $15.44 billion.  So, this fine is still a relative drop in the bucket!  😉

So, what do you think?  Will a data privacy fine of this magnitude have an impact on how multi-billion dollar corporations handle personal data?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Leave a Reply