Record Fine Slapped On Amazon Over Breach Of EU’s GDPR

A record fine of €746 million ($887 million) GDPR fine was slapped on Amazon by Luxembourg’s National Commission for Data Protection (CNPD) over the manner in which the e-retailer collects and uses user data for conducting targeted advertising.

This disclosure was made by Amazon in an SEC filing on Friday. In the filing the largest e-commerce platform of the world criticised the fine as being baseless, adding that the company intended to defend itself against the ruling by the regulator “vigorously in this matter.”

“Maintaining the security of our customers’ information and their trust are top priorities,” an Amazon spokesperson said in a statement. “There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed.

“We strongly disagree with the CNPD’s ruling, and we intend to appeal. The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation.”

This penalty was imposed on Amazon on the basis of a complaint by French privacy rights group La Quadrature du Net filed in 2018. This group is considered to be a representative of the interests of thousands of Europeans who seek to make sure that their data is not used by big tech companies for manipulating their behavior for political or commercial purposes.

The complaint also named Apple, Facebook Google and LinkedIn to be involved in the same crime. The complaint was filed by the group on behalf of more than 10,000 customers and alleged that customers are manipulated by Amazon for commercial means by selecting the information and advertising that customer would receive.

Welcoming the fine issued by the CNPD, La Quadrature du Net said that the fine “comes after three years of silence that made us fear the worst.”

“The model of economic domination based on the exploitation of our privacy and free will is profoundly illegitimate and contrary to all the values that our democratic societies claim to defend,” the group added in a blog post published on Friday.

In the ruling, the CNPD also wants Amazon to commit about it changing the business practices it follows currently. 

However, the regulator has not publicly committed on its decision, and Amazon didn’t specify what revised business practices it is proposing.

The previous European record for a fine on tech company was a €50 million GDPR penalty levied against Google in 2019.

This decision also comes at a time when there is greater scrutiny in Europe of Amazon’s business practices. Formal antitrust charges against the company were announced by the European Commission in November last year and had said at that time that its market position was misused by the e-retailer to impede competition ability of third-party businesses that uses the American company’s platform. A second investigation was also started by the Commission at the same time that seeks to examine the alleged preferential treatment according by Amazon to its own products on its site and those of its partners.

(Adapted from


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s