Amazon is being slapped with the largest ever fine given by the European Union’s privacy watchdog for violating data protection rules.
Amazon was handed the €746 million (£637 million) fine by the Luxembourg National Commission for Data Protection (CNPD) on July 16 over accusations it breached General Data Protection Regulation (GDPR) rules for allowing customer data to be exposed to third parties.
The fine, first reported by Bloomberg, was disclosed in Amazon’s recent quarterly earnings report and has been strongly contested by the retailer.
“There has been no data breach, and no customer data has been exposed to any third party,” Amazon said in response.
“These facts are undisputed. We strongly disagree with the CNPD’s ruling.”
The CNPD is required by law to maintain professional secrecy which prevents it from commenting on the case or confirming the receipt of a complaint.
Amazon’s fine, which it says it plans to appeal, is the largest by far handed out under GDPR rules, which came into effect in May 2018.
The previous largest fine to date was Google’s €50 million fine in 2019.
Under GDPR legislation regulators can fine a company up to four per cent of its global annual turnover, or €20 million, whichever number is larger.
In June, it was reported that Amazon is facing another €350 million GDPR fine over accusations it uses customers’ data to inform targeted advertising without their permission, breaching GDPR rules.