Tag: record fine

Amazon facing potential record GDPR fine

18. June 2021

Luxembourg’s National Commission for Data Protection, the CNPD, has proposed a $ 425 million (€ 348.7 million) fine against Amazon.com Inc. for alleged GDPR violations, the Wall Street Journal reports. It would be the highest penalty to date under EU data protection law, exceeding the current record penalty of € 50 million against Google LLC.

It is not yet clear to the public what exactly the allegations are since the statements are based on a confidential source. Amazon also declined to comment on the case. The charges are apparently related to Amazon’s data collection and usage practices, but do not involve the Amazon Web Services cloud computing business.

The CNPD is Amazon’s competent data protection authority as the international retail company has its regional headquarters in the Grand Duchy of Luxembourg. According to the Article 64 GDPR procedure, the CNPD submitted its draft decision to data protection authorities of the other EU member states, which will have to approve the sanction before it can be officially imposed. Based on comparable cases in the past, the process could take months and lead to substantive changes, including an increased or reduced fine.

Though the proposed amount would set a record, it is far below the maximum of 4 % of the total worldwide annual turnover of the preceding financial year allowed by Article 83 (5) GDPR. It amounts to only about 0.1 % of Amazon’s annual revenue. As some critics say, this illustrates a pattern of data protection authorities favoring big-tech companies and often reducing large initial proposals after a long deliberation period. Given the companies’ massive incomes, such penalties are easy to recover from and ultimately, they run counter to the preventive purpose of the punishment.

As a result, these companies could soon fall under the terms of the Digital Services Act and the Digital Markets Act, which were proposed by the European Commission at the end of 2020 to upgrade rules governing digital services in the EU. This new set of regulations, which specifically targets tech companies, increases potential fines to 10 % of the global turnover.

Record fine for Uber

28. September 2018

Due to an initially concealed data breach in 2016, the U.S. company Uber has to pay a fine of €126 million, as the Attorney General Barbara Underwood announced in a statement.

On November 21, 2017, Uber announced that a hacker attack would take place in 2016, in which the hackers would capture approximately 50 million customer data as well as seven million data from Uber drivers. The company paid the hackers blackmail money instead of reporting the data breach (we reported).

Now a settlement was reached between Uber and the relevant US authorities. The settlement includes the highest fine ever imposed, $148 million (€126 million), flanked by further obligations to improve data security.

Category: Data Breach · USA
Tags: ,