Amazon must pay a fine of 746 million euros for violating the EU's General Data Protection Regulation (GDPR). This was decided by the Administrative Court in Luxembourg, rejecting Amazon's appeal against the sanctions imposed by the National Commission for Data Protection (CNPD). Although the specific details of the violation were not made public, the amount of the fine shows the seriousness of the allegations.
The CNPD had accused Amazon of not having processed personal data in accordance with EU data protection regulations. Amazon responded to these accusations by criticizing the ruling. The company claims that the CNPD's decision is based on “subjective interpretations of the law” for which there were no clear guidelines. Amazon is now considering taking further legal action and the case could go all the way to the highest court in Luxembourg.
The fine was imposed back in 2021 and the proceedings have been in suspence ever since. Amazon emphasizes that there has been no breach in the protection of personal data and that customer data has not been passed on to third parties. The company continues to argue that the fine is disproportionate to the alleged breaches.