Amazon has been hit with a record-breaking €746 million fine for alleged GDPR violations for how it performs targeted behavioral advertising.
The huge fine was imposed by Luxembourg’s Commission nationale pour la protection des données (CNPD), an independent public agency established to monitor the legality of the collection and use of personal information.
Amazon stated that this massive fine came out of CNPD in July 2021, which fined them for improper processing of personal data.
On July 16, 2021, the Luxembourg National Commission for Data Protection (the “CNPD”) issued a decision against Amazon Europe Core S.à r.l. claiming that Amazon’s processing of personal data did not comply with the EU General Data Protection Regulation.
The decision had imposed a fine of €746 million and corresponding practice revisions.
The decision comes from a complaint filed by La Quadrature du Net in 2018 against Amazon Europe Core SARL, Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, and Amazon Video Limited.
As per the complaint, Amazon is analyzing users’ behavior to build profiles used for targeted advertising. This creation of these behavioral profiles is being done without a user’s consent which violates GDPR.
Amazon confirmed that this fine is not related to a data breach or unauthorized access to customer data but rather how they perform advertising.
The company believes that the decision is based on subjective and untested interpretations of the GDPR privacy law.
Amazon strongly disagree with the CNPD’s ruling, and they intend to appeal.
This fine is the largest ever issued by the European Union for GDPR violations. The largest fine imposed so far was €50 million ($56.6 million at the time) against Google for not correctly receiving consent when processing user’s data when creating a Google account or performing advertising.
Image Credit : CNET