This is the heaviest financial penalty ever imposed under the new European regulation on the protection of private data (GDPR) of Internet users. Amazon was fined 746 million euros for violating the GDPR.
At the origin of this conviction, the association for the defense of freedoms La Quadrature du Net had filed five complaints with the French gendarme of personal data, the Cnil, against Amazon, Apple, Google, Facebook and Microsoft at the end of May 2018, after the entry into force of the GDPR regulations.
After 50 million against Google in 2019, a new record for GDPR fines, still on our collective complaints: 746 million against Amazon!
Congratulations to the 10,000 people who signed the complaint with us in 2018, we’re not giving up on GAFAM!https://t.co/J4sDxesoRT
– La Quadrature du Net (@laquadrature) July 30, 2021
A fine imposed in mid-July
Amazon having its headquarters in Luxembourg, the CNPD transmitted the file, which resulted in this fine, imposed in mid-July by the Luxembourg data protection commission (CNPD), but announced only on Friday by Amazon in a stock market document. .
The CNPD “claims that the processing of data by Amazon did not comply with European Union data protection regulations,” said the Internet giant in its stock market document.
A “baseless” conviction, according to Amazon
This conviction is “unfounded”, said Amazon, specifying in a separate statement that it intended to “appeal”. “There has been no data leakage, and no customer data has been exposed to any third party,” adds the group, which has been sentenced to the heaviest fine ever imposed by a national authority for violating the rules. GDPR.
The Web giant had already been sentenced at the end of 2020 to a fine of 35 million euros by the Cnil for non-compliance with the legislation on cookies, advertising tracers. Google, for its part, had taken a fine of 100 million euros, as well as another of 50 million euros, the latter being already linked to the GDPR.
785 fines issued by 22 data protection authorities in the EU
The latest report from the European Commission from June 2020 on the implementation of this regulation reports around 785 fines issued by 22 data protection authorities in the EU between May 25, 2018 and November 30, 2019. amounts mentioned are generally much lower than the fine imposed on Amazon.
“This historic sanction strikes at the heart the system of predation of the Gafam and must be applauded as such”, reacted La Quadrature du Net in a press release. The association recalls that its complaint was aimed at “the advertising targeting system imposed by Amazon (…) carried out without our free consent”.
“In contrast, this historic sanction makes even more glaring the widespread resignation of the Irish data protection authority which, in three years, has not been able to close any of the other four complaints we have initiated against Facebook, Apple, Microsoft and Google ”, also protests the association.
Numerous measures to strengthen data protection
Gafam is regularly criticized for the way they use the personal data of their users. Brussels tried to bring order by imposing in 2018 its general data protection regulation, which has established itself as a global benchmark.
Businesses must seek consent from citizens when requesting their personal data, inform them of the use that will be made of it and allow them to delete the data. Breaches can be punished with heavy fines.
In addition, according to the new European regulation on digital services, platforms will no longer be able to use data collected through several services to target a user against their will. They will also have to provide client companies with access to the data they generate.