Amazon quietly took a big hit earlier this month, as the company was issued the largest ever fine for data protection violations in Europe. On July 16, Luxembourg's data protection authority told Amazon it would have to pay a penalty of 746 million euros ($888 million) for violating the EU's strict data protection laws, known as the GDPR.
The fine came from Luxembourg's CNPD following an investigation into the way Amazon processes customer data, and was revealed in a regulatory filing by the company on Friday, according to Bloomberg. The CNPD hasn't commented publicly on its decision and didn't immediately respond to request for comment.
Its investigation into Amazon was based on a 2018 complaint by French privacy group La Quadrature du Net. The group says it represents the interests of thousands of Europeans to ensure their data isn't used by big tech companies to manipulate their behavior for political or commercial purposes. It didn't immediately respond to request for comment.
Amazon is under growing scrutiny both at home and abroad over the way it uses customer data. Regulators are concerned that not only could the company's data processing policies violate privacy protections for consumers while they're shopping online, they might give the company an advantage over competitors operating within its marketplace. Meanwhile, Amazon is keen for customers to know that their data is safe, and unlike many GDPR fines, this one hasn't been issued due to a data breach.
"Maintaining the security of our customers' information and their trust are top priorities," said an Amazon spokesman in a statement on Friday. "There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed."
In 2018, data protection authorities across Europe were given greater powers to wield against companies that failed to protect people's data or use it appropriately with the introduction of the GDPR. If companies fail to meet their obligations, the national regulator of the European country in which they're based has the ability to issue fines of up to 4% of global revenue. As Amazon is based in Luxembourg, it is up to the CNPD to decide whether the company is abiding by the rules.
The Amazon spokesman said that the company strongly disagrees with the ruling and planned to appeal. "The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation," he said.