Amazon found itself in hot water earlier this month but managed to keep it under the cover. The company was slapped with largest ever fine for data protection violations in Europe. On July 16, Luxembourg’s data protection authority asked Amazon to cough up 746 million euros ($888 million) in penalty for violating the EU’s strict data protection laws, known as the GDPR.
According to Bloomberg, the fine was issued by Luxembourg’s CNPD in response to an investigation into Amazon’s processing of customer data. The CNPD did not immediately respond to a request for comment and has not commented publicly on the decision.
Its investigation into Amazon was based on a 2018 complaint by French privacy group La Quadrature du Net. It claims it represents the interests and preferences of thousands of Europeans, to ensure that their data isn’t used by large tech companies to alter their behavior for commercial or political purposes.
The eCommerce behemoth refrained from responding to a request for comment.
Amazon’s use of customer data is being scrutinized more and more at home market as well as abroad. Regulators worry that the company’s data processing policies could be in violation of privacy protections and give it an advantage over other companies operating within the marketplace. Amazon wants customers to be confident that their data is secure. This is in contrast to many GDPR fines.
“Maintaining the security of our customers’ information and their trust are top priorities,” said an Amazon spokesman in a statement on Friday. “There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed.”
Amazon is planning to appeal against the ruling.
“The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation,” Amazon spokesperson said.
With the advent of the GDPR, data protection authorities in Europe gained greater power to take action against companies that fail to properly use data and protect data. Companies that fail to comply with their obligations can be fined up to 4% by the national regulator of the European country where they are based. Amazon’s Luxembourg headquarters means that the CNPD has the authority to determine if the company is following the rules.