Amazon got hit hard with a substantial fine this month. The company had to pay up €746 million, equivalent to $887 million, by the European Union for breaking a data-privacy law that involves targeted advertising. It is the heftiest monetary punishment put on display by the EU’s three-year-old regulatory body, General Data Protection Regulation (GDPR).
Luxembourg National Commission for Data Protection (CNPD) filed the decision against Amazon Europe Core on July 16. The claim is that the online retailer’s “processing of personal data did not comply with the EU General Data Protection Regulation.” In addition to the penalty, the company is required to make “corresponding practice revisions.” It was disclosed on Friday (July 30) in a 10-Q filing with the Securities and Exchange Commission.
Amazon made a statement in its defense and said that the fine is “entirely out of proportion.” It stated that the law requires “subjective and untested interpretations” to work around it as the regulatory body is so new. The company gave additional information when a spokesperson told CNN that no customer data had been leaked.
Since Amazon’s European headquarters are in Luxembourg, it is subject to working with the Commission for Data Protection. Violations can lead to a penalty of €20 million (or approximately $23 million) or 4 percent of a company’s global revenue. The decision is made based on whichever of the two is higher.
The fine is hefty, but it does not do much damage to Amazon. When looking at pure cash, the company held $89.9 billion and equivalents as of last month. Along with other tech giants like Microsoft and Apple, it is now worth a trillion dollars as of last year.
The latest issue with the EU is not the first for Amazon. Last fall, the European Commission filed antitrust charges regarding its misuse of data. It allegedly used non-public information to get ahead of third parties and benefit its own business.
General Data Protection Regulation was formed in 2018. It looks over companies like Amazon to make sure that those businesses disclose the data that is collected from users and what is done with said data. The customers must be able to obtain a copy of their data and can have anything deleted when requested. But it is not always billion to trillion-dollar companies. A Portuguese hospital, Centro Hospitalar Barreiro Montijo, was handed a fine of €400,000 (or approximately $474,679) in 2018 after staff had used fake accounts to gain access to patient files.
The fine against Amazon is record-breaking. The previous holder of having a financial penalty from the EU was Google in 2019. France’s Commission nationale de l’informatique et des libertés (CNIL) fined the tech giant €50 million, equivalent of approximately $56.8 million. It was issued because the company had not given enough details about its data consent policies and a lack of control for how that information was being used. Across Europe and the UK, officials have criticized and acted against other tech companies over business practices that hinder competition and abuse the power of having user data.