EU Breaks Record with $887 Million GDPR Fine to Amazon over Data Misuse

August 24, 2021
|In Security
|By Security Team

The Luxembourg National Commission for Data Protection (CNPD) has fined Amazon a record 746 million euro ($ 887 million) GDPR for targeting advertising purposes using customer data. Amazon revealed the decision in an SEC filing on Friday, stating that the decision was baseless and intended to “seriously protect” the matter. Amazon stated that their top priority is to maintain the security of their customers’ information and their trust. It is stated by them that their data has not been infringed and customer data has not been disclosed to any third party. They strongly disagree with CNPD’s decision and wish to appeal.

The fines are completely out of the question. The fines are the result of a complaint by the French privacy rights group La Quadrature du Net 2018, claiming that tens of thousands of Europeans are representing the interests of big tech companies trying to make sure their behavior is not politically or politically manipulated. And the complaint, which also targeted LinkedIn, Apple, Facebook, Google and was filed on behalf of more than 10,000 customers, manipulates Amazon customers on commercial channels and uses the ads and information they receive.

The La Quadrature du Net welcomed the fine issued by the CNPD. The French privacy rights group La Quadrature du Net, represent the interests of thousands of Europeans to ensure that big tech companies do not use customers’ data to manipulate their behavior for political or commercial purposes stating that the economic based model on the exploitation of the privacy and free will is completely illegitimate and contrary to all the values ​​the democratic society claims to protect. CNPD also ruled that Amazon must commit to change its business practices. However, the regulator did not publicly adhere to its decision, and did not specify the revised business practices proposed by Amazon.

The record fine of reducing the 50 million euro GDPR penalty imposed on Google in 2019 comes during the trial of the Amazon business in Europe. In November last year, the European Commission announced official antitrust allegations against the company, alleging that the retailer was abusing its position to compete with third-party businesses using its platform. At the same time, the Commission has launched a second investigation into the priority treatment of its site and the products of its partners.

Recommendations

  1. All the companies complying to GDPR shall take proper consent from their customers for targeting ads using their personal data.
  2. The consent shall be freely given, specific, informed and unambiguous by the customers.
  3. The customers shall have all the rights given to them by GDPR which they can invoke regarding their personal data and companies must reply to all the questions asked by the customers with 1 month of receiving the questions.
  4. The rights shall include the right to restrict and object the processing of their data.