Amazon has been handed its largest ever privacy fine in the EU by Luxembourg's data watchdog. The CNPD fined the company €746 million ($888 million) on July 16th for violating the bloc's strict data privacy laws, known as GDPR. Amazon disclosed the ruling in an SEC filing on Friday in which it slammed the decision as baseless, adding that it intended to defend itself "vigorously in this matter."
“There has been no data breach, and no customer data has been exposed to any third party,” Amazon told Bloomberg. “These facts are undisputed. We strongly disagree with the CNPD’s ruling.” It added that it plans to appeal the decision. Amazon has its EU headquarters in Luxembourg, tasking the local data regulator with overseeing its compliance.
The penalty is the result of a 2018 complaint by French privacy rights group La Quadrature du Net, which filed numerous lawsuits against Big Tech companies on the behalf of 12,000 people shortly after the GDPR was established that year.
Among those was a case involving Google's Android operating system that led to France's CNIL regulator slapping the search giant with a $57 million fine in January, 2019 — the biggest GDPR fine to date. The watchdog ruled that the company had violated the GDPR due to its failure to obtain legal consent for data collection related to its ad targeting practices.
The record penalty comes amid heightened scrutiny of Amazon's business in Europe. Its use of data is also at the heart of the EU's antitrust investigation. Following a year-long probe, officials in November reached a preliminary decision that Amazon had breached competition rules by using third-party seller data to boost its own products. At the same time, they launched a second investigation into its alleged preferential treatment of its own products on its site and those of its partners.