PL Risk Blog

Amazon Hit with massive Fine Under GDPR

Written by Drew Smith | Aug 19, 2021 2:00:00 PM

Amazon, the worlds largest company, was hit with a massive 746 million Euro or $884 Million fine from European regulators, as regulators being cracking down on internet privacy.

The Luxembourg National Commission for Data Protection (CNDP) issued this fine for several violations of Europe’s General Data Protection Regulation, or GDPR. The GDPR is a regulation that went into effect in 2018 after being passed in 2016. It requires companies that do business in the European Union to protect their customers data and privacy, only allowing it to be collected under certain circumstances. Customers in the EU under the GDPR have the right to essentially remove themselves from these companies’ databases to protect themselves. [1]The fines for it are considerable as it can be up to 4 percent of a company’s net worth. British Airways, Britain’s largest air carrier, was fined 20 million Euros for compromising 400,000 records last year, and it could have been significantly more.

Amazon’s fine is the result of an investigation into their handling of their customers data. The CNDP ruled that Amazon’s processing of customer’s data was in violation of the standards set out by the regulation. While not the first tech company impacted by such a ruling, in December, France's data privacy watchdog handed out its biggest ever fine of 100 million euros ($118.82 million) to Google for breaching the nation's rules on online advertising trackers, [2] Amazon’s fine is massive compared to their competitors shows that they might be ready to expand their crack down.

An Amazon spokesperson disagreed with the ruling. "Maintaining the security of our customers' information and their trust are top priorities. There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed," the spokesperson wrote in the statement. "The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation," the spokesperson added.[3]

Amazon’s fine for handling customer’s data is a warning to tech companies like Facebook and Twitter that regulators are beginning to crack down on data protection. Many other areas of the world, like California are passing similar regulations. Use these laws as a framework to determine how much you need to protect your customers data.

 

[1] https://gdpr.eu/what-is-gdpr/

[2] https://www.reuters.com/business/retail-consumer/amazon-hit-with-886-million-eu-data-privacy-fine-2021-07-30/

[3] Law 360 Amaazon Hit with 746M Fine. July 30th, Grand and Naga Siu