The fine, totaling about $887 million that Amazon disclosed in a financial filing on Friday, is the largest in the law’s three-year history. The second most important penalty is Google’s €50 million fine in 2019.
Regulators have said that Amazon’s processing of personal data does not meet the requirements of the General Data Protection Regulation. For this reason, the company was ordered to change its business practices, Amazon acknowledged.
Amazon added that it plans to fight the agency’s decision to issue the fine. “We believe the CNPD’s decision is groundless and we intend to vigorously defend ourselves in this matter,” the company said.
The origin of the fine
Amazon said the penalty for the alleged breach was imposed on July 16 by data regulators in Luxembourg, where Amazon is based in Europe.
A spokesman for Luxembourg’s data authority, CNPD, declined to comment, arguing for the ongoing nature of the legal proceedings.
In another statement to CNN, Amazon said customer information had not been leaked or disclosed.
“Maintaining the security and confidence of our customers’ information is a top priority,” the statement said.
The document says: “There was no data breach and customer data was not disclosed to third parties. These facts are indisputable.” “We completely disagree with the NDC’s decision and intend to appeal,” he adds.
Amazon insists in the statement that “the decision on how to display relevant ads to customers is based on subjective and unproven interpretations of European privacy law, and the proposed fine is wholly disproportionate even to that interpretation.”
Under EU privacy law, violations can result in penalties of up to €20,000,000 or 4% of the company’s global revenue, whichever is greater.