Amazon faces £637 million fine over GDPR violations

If confirmed, the penalty would be almost 15-times larger than the current record fine

Amazon is facing a potential €746 million (approximately £637 million) fine for the unlawful processing of personal data, following a GDPR ruling by Luxembourg’s data protection regulator.

The ruling was initially made on 15 July but only became public knowledge when mentioned as part of Amazon's latest quarterly earnings report. If it goes ahead, the fine would be the largest data protection penalty in industry history.

This €746 million fine would represent a sum that’s more almost 15-times greater than the €50 million penalty that French data regulator CNIL administered against Google in 2019.

Amazon didn’t explain the specific basis for such a relatively large penalty in its legal filing, nor has the Luxembourg National Commission for Data Protection (CNPD) made the details around the case public.

The regulator confirmed with IT Pro, however, that the decision was made on the basis of the one-stop-shop principle set out in Article 60 of GDPR.

This means Luxembourg was nominated as the lead supervisory authority in a case against Amazon based on alleged violations that occurred across borders and in several EU territories. The CNPD was chosen to investigate Amazon because the firm’s European headquarters is based in Luxembourg.

The CNPD claims the nation’s own local data protection laws have bound the authority to “professional secrecy” when taking regulatory action. According to these laws, details about the case cannot be published - or publicised - until Amazon’s deadline for appeals expires.

Amazon said the regulator’s decision has been made without merit, and that it plans to defend itself “vigorously”. Although the firm is able to appeal the decision, the regulator didn’t indicate how long this process might take.

Despite such a large fine cited, there’s also every chance that it can be drastically lowered over the course of regulatory proceedings. For example, the UK’s Information Commissioner’s Office (ICO) had initially issued a notice of intent to fine BA and Marriott £183 million and £99 million respectively in July 2019. This was eventually watered down to £20 million and £18.4 million in October 2020, with the ICO citing a number of mitigating circumstances, including the economic effects of the pandemic.

Related Resource

The controversial CLOUD Act

The effect on data protection and data security in Germany and the EU

A magnifying glass with a background of 1s and 0s - whitepaper from IONOSDownload now

Prior to GDPR coming into force, many businesses widely expected the new data protection laws to usher in an era of massive, eye-watering fines that would cripple businesses found to have fallen foul of the rules. This was based on the provision that an organisation can face a fine of up to €20 million or 4% annual turnover, whichever is higher.

In practice, however, such fines have been a rarity, despite a high volume of cases.

The Irish data protection regulator too, which is itself the lead supervisory authority in a number of cases against big tech giants, hasn’t yet worked through a lengthy backlog of legal challenges. So far, the Irish Data Protection Commission (DPC) has issued a €450,000 fine against Twitter, alongside a provisional decision in January 2021 to fine WhatsApp €50 million, although this is subject to legal review.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

AWS to launch cloud services reseller in Australia
Amazon Web Services (AWS)

AWS to launch cloud services reseller in Australia

17 Sep 2021
Senators accuse Amazon of mistreating pregnant workers
Policy & legislation

Senators accuse Amazon of mistreating pregnant workers

10 Sep 2021
Amazon to pay college tuition fees for 750,000 front-line employees
Careers & training

Amazon to pay college tuition fees for 750,000 front-line employees

10 Sep 2021
Building a business case for SAP on AWS
Whitepaper

Building a business case for SAP on AWS

8 Sep 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
The technology powering the future of shopping
Technology

The technology powering the future of shopping

16 Sep 2021
Citrix mulling potential sale after tumultuous 2021
mergers and acquisitions

Citrix mulling potential sale after tumultuous 2021

15 Sep 2021