Amazon has been hit with a record €746 million fine after the Luxemburg data privacy regulator said the e-commerce giant had violated the EU bloc’s GDPR rules.
Regulators said Amazon’s processing of personal data didn’t comply with the bloc’s signature privacy law, and the company acknowledged it has been ordered to change its business practices.
The fine was imposed on July 16 and was disclosed in an SEC filing on Friday. It is the largest in GDPR’s three-year history, followed by Google’s 2019 fine of €50 million.
Amazon’s statement bluntly says that ‘they believe the CNPD decision is without merit and intend to defend themselves vigorously on the matter’.
“The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation,” the company said.
In their filing, Amazon specifies that the fine was imposed on July 16th by the Luxembourg Authority, which though on its website clarifies that its decisions are announced anonymously unless CNPD decides to apply Article 52 of the respective privacy law.