The Commission Nationale pour la Protection des Data (“CNPD”), Luxembourg’s data protection authority, recently levied a 746 million Euro ($888 million) fine against Amazon for violation of the EU’s General Data Protection Regulation (“GDPR”). Amazon’s fine stems from an investigation which began in 2018, culminating in a July 16, 2021 decision that determined the online retailer improperly processed individuals’ personal data; Amazon has argued that the decision is “without merit.”
The company says it collects data to improve the customer experience, and sets guidelines governing what employees can do with it; however there remains a question of whether EU individuals affirmatively consented to this collection. Given the size of the fine, it would appear that the CNPD has determined that Amazon did not. Amazon is facing significant scrutiny in Germany and other parts of the EU, as well as the UK. As such, this is the first, but likely not the last, that Amazon will be subject to fines for GDPR violations.
Since it was implemented in 2018, GDPR regulation has disappointed advocates for data privacy. Though this fine pales in comparison to Amazon’s annual revenues, it is a sign to other companies that data privacy is an important, yet often overlooked, part of compliance. Amazon seemed unconcerned with their practices, stating that there was “no breach” so there shouldn’t be a problem; this is a basic misunderstanding of GDPR, and should resonate with others who think that they’re “in compliance”. If Amazon isn’t getting it right, how is your company faring?
Clym believes in striking a balance between legal compliance and business needs, which is why we provide a cost-effective, scalable and flexible platform to comply with LGPD, GDPR, CCPA and other laws, including those in the UK, as they come online. Our platform provides consumers with an effective and easy-to-navigate way to opt-out of data collection while not infringing upon the website UI that businesses rely on to drive revenues. Contact us today about how your company can implement Clym to help manage your data privacy regulation compliance from a global perspective.