Amazon has been issued with a fine of 746 million euros ($887 million) by a European privacy watchdog for breaching the bloc’s data protection laws.
The fine, disclosed by Amazon on Friday in a securities filing, was issued two weeks ago by Luxembourg’s privacy regulator.
The Luxembourg National Commission for Data Protection (CNPD) said Amazon’s processing of personal data did not comply with the EU’s General Data Protection Regulation.
It has ordered Amazon to revise certain undisclosed business practices.
Amazon, which has its European headquarters in Luxembourg, denied that there had been any kind of breach that would violate the GDPR rules.
“Maintaining the security of our customers’ information and their trust are top priorities,” an Amazon spokesperson said.
“There has been no data breach, and no customer data has been exposed to any third party,” they added.
“These facts are undisputed. We strongly disagree with the CNPD’s ruling, and we intend to appeal. The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation.”
The fine marks the latest example of European regulators zeroing in on Big Tech. Officials in Europe and the UK have increasingly been scrutinizing the business practices of companies including Amazon, Apple, Facebook and Google amid allegations they have harmed competition and abused consumer privacy.
The decision concludes a probe started by a 2018 complaint from French privacy rights group La Quadrature du Net. It cautiously welcomed the decision.
“It’s a first step to see a fine that’s dissuasive, but we need to remain vigilant and see if the decision also includes an injunction to correct the infringing behaviour,” said Bastien Le Querrec, a member of La Quadrature’s litigation team, adding the group hadn’t received the decision.
EU data protection regulators’ powers have increased significantly since the bloc’s GDPR rules took effect in May 2018. It allows watchdogs for the first time to levy fines of as much as 4% of a company’s annual global sales. The biggest fine to date was a 50 million-euro penalty for Google issued by France’s CNIL.
