Amazon facing potential record GDPR fine
Luxembourg’s National Commission for Data Protection, the CNPD, has proposed a $ 425 million (€ 348.7 million) fine against Amazon.com Inc. for alleged GDPR violations, the Wall Street Journal reports. It would be the highest penalty to date under EU data protection law, exceeding the current record penalty of € 50 million against Google LLC.
It is not yet clear to the public what exactly the allegations are since the statements are based on a confidential source. Amazon also declined to comment on the case. The charges are apparently related to Amazon’s data collection and usage practices, but do not involve the Amazon Web Services cloud computing business.
The CNPD is Amazon’s competent data protection authority as the international retail company has its regional headquarters in the Grand Duchy of Luxembourg. According to the Article 64 GDPR procedure, the CNPD submitted its draft decision to data protection authorities of the other EU member states, which will have to approve the sanction before it can be officially imposed. Based on comparable cases in the past, the process could take months and lead to substantive changes, including an increased or reduced fine.
Though the proposed amount would set a record, it is far below the maximum of 4 % of the total worldwide annual turnover of the preceding financial year allowed by Article 83 (5) GDPR. It amounts to only about 0.1 % of Amazon’s annual revenue. As some critics say, this illustrates a pattern of data protection authorities favoring big-tech companies and often reducing large initial proposals after a long deliberation period. Given the companies’ massive incomes, such penalties are easy to recover from and ultimately, they run counter to the preventive purpose of the punishment.
As a result, these companies could soon fall under the terms of the Digital Services Act and the Digital Markets Act, which were proposed by the European Commission at the end of 2020 to upgrade rules governing digital services in the EU. This new set of regulations, which specifically targets tech companies, increases potential fines to 10 % of the global turnover.