Amazon received the largest GDPR fine in the EU history for data violations.
€746 million is the amount that shocked the whole world. The fine was applied on the 16th of July 2021 by the Luxembourg data protection authority (CNPD).
Why one of the most popular e-commerce company receives the largest GDPR fine?
It all started with a complaint filed by the French organization La Quadrature du Net. Approximately 10,000 people participated in filling the complaint. The organization claims that the targeted ad system used by Amazon is not based on free consent.
Contrarily, the American company appealed the decision. “There has been no data breach, and no customer data has been exposed to any third party”. “These facts are undisputed. We strongly disagree with the CNPD’s ruling.”
Amazon revealed the penalty in official documents. In addition, the Luxembourg authority requested the company to review their practices.
The punishment is by far the highest ever granted since the GDPR came into effect. The French organization stated that the size of the sentence indicates that Amazon's targeted ad system did not get users freely but in violation of the GDPR.
The previous GDPR sanction of €50 million to Google also comes after a complaint filed by the French organization.
There are also concerns that Amazon may have used collected data to 'give itself an unfair advantage in the marketplace', affirms Bloomberg.
CNPD did not provide more details about this case. It remains to see what the authority will decide following the appeal filed by Amazon.
If you collect, store or process data of the EU residents in any format, you must comply with the GDPR. Regardless of the size of your business, if you use CCTV, website cookies, or emails make sure you maintain the data privacy.
According to the GDPR, the DPAs (Data Protection Authorities) can impose fines of up to 4% of the annual turnover. Find more about fines and penalties and how to avoid them.
Sovy provides all the necessary tools to become and stay compliant with the GDPR. Training your staff is also important to avoid penalties and fines. Make sure you have your team trained and up-to-date with all the changes that appear.
Many of the fines applied by the DPAs were due to a lack of knowledge of GDPR among the employees. You will have a better control of collected data and its processing if your team understands the principles of GDPR.