Amazon has recently been hit with a record £636 million (€746 million, $888 million) fine after a European data protection authority found the company guilty of General Data Protection Regulation (GDPR) violations. The fine puts into the shade the previous biggest penalty to date, a €50 million ruling against Google and dwarfs the £20 million fine handed to British Airways for a 2018 breach.
The CNPD – Luxembourg’s National Commission for Data Protection – announced the Amazon fine in mid-July. The CNPD found Amazon guilty of processing customer data in a way violating GDPR. The ruling ends a three-year investigation, brought following a 2018 complaint raised by La Quadrature du Net, a French privacy rights group.
The fine came to light via an Amazon regulatory disclosure at the end of July. The CNPD is bound by Luxembourgish laws meaning it cannot comment on individual cases or even confirm complaints it has received or is investigating. Amazon falls under the jurisdiction of the CNPD by way of having its European Union (EU) headquarters in Luxembourg.
Amazon called the fine “without merit” and said it would appeal in a statement released with its regulatory disclosure.
Amazon’s statement also said, “There has been no data breach, and no customer data has been exposed to any third party…These facts are undisputed. We strongly disagree with the CNPD’s ruling.”
Upon learning of the fine, Bastien Le Querrec, from La Quadrature du Net’s legal team, said, “It’s a first step to see a fine that’s dissuasive, but we need to remain vigilant and see if the decision also includes an injunction to correct the infringing behaviour,”
Spotlight grows stronger on Amazon
The CNPD’s ruling and fine isn’t the first time Amazon has gotten unwanted focus from data privacy matters.
Research from Money.co.uk recently found that Amazon had been subject to at least six severe data breaches in recent years, likely affecting billions of people.
Furthermore, Amazon often faces questions about how much data it gathers. We know that Amazon collects data from:
- Customers, around both purchase and browsing habits
- Partners, including businesses and independent sellers who sell via Amazon
- Users of its Alexa digital assistant via its Echo smart speakers and other platforms
In reality, this is probably a drop in the ocean, with Amazon likely generating and collecting data from numerous other sources.
As most companies do, Amazon says its data collection policies and practices aim to improve user experience. The company also says it has strict guidelines around how its employees can access and use this data.
However, many data concerns surrounding Amazon actually focus on competition, and ongoing investigations could lead to more trouble for Amazon.
- The EU and European Commission is currently undertaking an anti-trust investigation into whether Amazon unfairly promotes its own products on its website.
- German data regulators currently have several ongoing probes into Amazon’s use of data and operations.
- The Competition and Markets Authority here in the UK is looking into similar issues as the EU, specifically the use of fake reviews by Amazon to promote its products.
- The European Commission is considering investigating anti-trust issues specifically related to data collection via voice assistants.
Taking action if Amazon misuses your data
If an Amazon data breach has affected you, or Amazon has otherwise used your personal data in a way not in accordance with your wishes, you may be entitled to compensation. Contact LawPlus today for a FREE assessment of your Amazon data breach claim.