Luxembourg’s CNPD fined Amazon for $888 million

Luxembourg National Commission for Data Protection (CNPD) penalized on July 16 e-commerce titan Amazon with a roaring $888 million fine over allegations of violating EU’s data protection laws.

The decision came against Amazon Europe Core under the pretense that Amazon is processing customer personal data. The verdict is based on a 2018 complaint by French privacy group La Quadrature du Net – a group that claims it represents the best interest of Europeans’ data safety from Big Tech firms.

“We believe the CNPD’s decision to be without merit and we intend to defend ourselves vigorously in this matter,” Amazon said in a securities filing.

In 2018, Europe’s data protection regulator acquired great powers in its battle against the world’s biggest tech companies that failed to preserve people’s data or even utilized data for ulterior motives, such as monopolizing the market to their benefit.

Since the latest privacy regulations against Big Tech firms surfaced, the CNPD’s fine against the e-commerce giant is the largest ever under European data protection law. The Luxembourg agency verified that its decision was made this early July but declined to give any further details on the matter as conducted investigations are private.

According to GDPR, authorities have the power to fine companies based on their revenues.  Implied regulations oblige the accused company to pay a remarkable fine reaching 4 percent of its annual global turnover.

In the retailing platform’s case, this means that the released number amounts to about 4.2 percent of its reported $21.3 billion income for 2020.

“Maintaining the security of our customers’ information and their trust are top priorities. There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed. We strongly disagree with the CNPD’s ruling, and we intend to appeal,” Amazon spokesman addressed the issue in a statement.

“The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation,” he added.

It is worth highlighting that since Amazon Europe Core is based in Luxembourg, the decision is solemnly in the CNPD’s hand to determine whether the company is abiding by the rules or not.

The Seattle-based company has already released its quarterly update on its site, demonstrating how profits soared 48 percent from a year ago to $7.8 billion and revenues increased 27 percent to $113.1 billion in the April-June period.

Back in November 2020, EU commissioners first spoke of their beliefs that the retail business is misusing non-public data to enforce its role in competing with various sellers in France and Germany.

However, as Amazon finds itself under rough scrutiny both at home and abroad as to how it processes customer data, this won’t be the first fight between Amazon and French authorities.

Last year, the French government charged the tech giant with an estimated $42 million for neglecting to abide by laws concerning browser “cookies” that track users’ movement on its site.