Amazon has been fined a record-breaking €746 million for allegedly violating the General Data Protection Regulation (GDPR) in the way it conducts targeted behavioral advertising.
Luxembourg’s Commission nationale pour la protection des données (CNPD), an independent public organization charged with monitoring the legality of the gathering and use of personal data, levied the hefty fine.
Amazon indicated that the huge fine stemmed from a fine imposed by the CNPD in July 2021 for improper data processing.
The Luxembourg National Commission for Data Protection (the “CNPD”) issued an order against Amazon Europe Core S.à r.l. on July 16, 2021, alleging that Amazon’s processing of personal data violated the EU General Data Protection Regulation.
A penalty of €746 million was imposed as well as practice changes as a result of the decision.
La Quadrature du Net filed a case against Amazon Europe Core SARL, Amazon EU SARL, Amazon Services Europe SARL, Amazon Media EU SARL, and Amazon Video Limited in 2018.
According to the complaint, Amazon analyses user behavior in order to create profiles that are used for targeted advertising.
The development of these behavioral profiles is done without the consent of the user, which is against GDPR.
This consequence, according to the company, is not related to a data breach or unauthorized access to consumer data, but rather to how they do advertising.
The judgement is based on subjective and unproven interpretations of the GDPR privacy law, according to the company.
The company is dissatisfied with the CNPD’s decision and plans to appeal.
This is the largest fine the European Union has ever imposed for GDPR violations. Google was fined €50 million ($56.6 million at the time) for not correctly receiving consent when processing user data while creating a Google account or performing ads.
You might also like:
Estonia arrests hacker for stealing 286K ID scans
Meteor wiper malware was used against Iran’s national railway system