Euro watchdog will try to extract $900m from Amazon for breaking data privacy laws
You miss every shot you don't take, we guess
Amazon says a European Union privacy watchdog has mustered the temerity to demand a $885m fine for failing to comply with data privacy rules.
"On July 16, 2021, the Luxembourg National Commission for Data Protection (CNPD) issued a decision against Amazon Europe Core S.à r.l. claiming that Amazon’s processing of personal data did not comply with the EU General Data Protection Regulation," the web goliath said in a financial filing accompanying its Q2 2021 earnings report [PDF] on Thursday.
"The decision imposes a fine of €746m [$885m] and corresponding practice revisions."
Amazon said the CNPD decision has no merit and that it plans to challenge the ruling.
“Maintaining the security of our customers’ information and their trust are top priorities," Amazon said in a statement emailed to The Register. "There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed. We strongly disagree with the CNPD’s ruling, and we intend to appeal."
"The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation."
The €746m fine is the largest penalty under the 2018 GDPR to date, surpassing the previous top penalty of €50m assessed by the French National Commission on Informatics and Liberty (CNIL) against Google in 2019 by almost 15x. In fact, Amazon's fine is more than twice the sum of all previous GDPR penalties combined (€303m).
- Ex-Brave staffer launches GDPR sueball in Germany over tech giants' real-time bidding for ad inventory
- Truth and consequences for enterprise AI as EU know who goes legal: GDPR of everything from chatbots to machine learning
- Irish privacy watchdog sticks GDPR probe into Facebook after that online giveaway of 533 million profiles
- Can we exhale yet? EU set to rule UK 'adequate' for data sharing in post-Brexit GDPR move
The privacy group assailed Amazon's public statement about the absence of a data breach as a non sequitur, stating that the CNPD decision is a consequence of invasive ads rather than a database intrusion.
This historic fine hits straight to the heart of Big Tech’s predatory system, and should be celebrated as such
"It is the system of targeted advertising itself, and not merely occasional security breaches, that our legal action attacked," the group said in a statement on its website. "This historic fine hits straight to the heart of Big Tech’s predatory system, and should be celebrated as such."
The privacy group also took the opportunity to contrast the massive CNPD fine with the failure of both the Irish Data Protection Authority and the CNIL to translate the group's complaints against Facebook, Apple, Microsoft and Google into meaningful penalties. And it celebrated the CNPD decision for restoring its faith in regulatory intervention.
"Business models based on domination and exploitation of our privacy and our free consent are disturbingly illegitimate and go against the values that our democratic societies claim to defend," the group said.
Elsewhere in its 10-Q filing, Amazon reported $113.1bn in sales and an operating profit of $7.7bn for the quarter. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Federal government of the United States
- Government of the United Kingdom
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Sandbox
- Trusted Platform Module
- Zero trust