U.S. tech giant Amazon's European headquarters are located in Luxembourg, whose data privacy regulator on July 30, 2021 levied a historic EUR746 million fine against the company. (Photo: Emmanuel Dunand/AFP via Getty Images)
Jul 30, 2021
Digital rights advocates on Friday applauded a EUR746 million fine levied against Amazon by a Luxembourg regulator for the tech giant's violation of European Union data privacy laws.
The record penalty--which converts to about U.S. $886 million--was imposed on July 16 by CNPD, Luxembourg's data protection agency, and disclosed in an Amazon regulatory filing (pdf) on Friday, according to Bloomberg.
CNPD said Amazon violated the E.U.'s General Data Protection Regulation (GDPR), which requires companies to seek users' consent prior to using their personal data.
\u201c\ud83d\udc4f\ud83c\udffc\ud83d\udc4f\ud83c\udffe\ud83d\udc4f\ud83c\udffb Congrats to @edri member @laquadrature who rallied 10K people in a collective plaintiff against Amazon for GDPR violations, resulting in a record breaking fine of 746 million.\u201d— EDRi (@EDRi) 1627657193
The fine--while small for a company whose revenue topped $386 billion last year--shatters the previous GDPR violation record of EUR50 million ($59.2 million) imposed by France's CNIL against Google in 2019. Responding to criticism about the relatively modest fines levied against companies like Amazon, CNPD Commissioner Marc Lemmer told Politico earlier this year that "the aim is not to have big sanctions--the aim is to have a change in culture."
The French digital rights group La Quadrature du Net ("Squaring the Net")--which filed a 2018 complaint against Amazon that led to the fine--and other advocacy organizations welcomed the CNPD sanction.
"It's a first step to see a fine that's dissuasive, but we need to remain vigilant and see if the decision also includes an injunction to correct the infringing behavior," La Quadrature du Net attorney Bastien Le Querrec told Bloomberg.
\u201cWhat can you expect from #Amazon and #AWS that provide services to most intelligence agencies including the #CIA and #NSO\u201d— EthicsInTech (@EthicsInTech) 1627668261
La Quadrature du Net said that "this 'party is over' sanction puts in even starker contrast the blatant abdication of the Irish Data Protection Agency who, in three years, was not able to close a single one of the four other actions we lodged against Facebook, Apple, Microsoft, and Google."
The group added that the fine "is also a cold shower for the French CNIL," which it called "but a shadow of its former self."
"Our collective actions were initially lodged before [CNIL], and would have given it a perfect opportunity to take the reins of enforcing the GDPR against the systemic violations of personal data and privacy, which lie at the heart of the business model of the web giants," La Quadrature du Net added.
Amazon--whose European headquarters are located in Luxembourg--responded to the fine by saying it believes the CNPD decision is "without merit" and that it would defend itself "vigorously in this matter."
"Maintaining the security of our customers' information and their trust are top priorities," an Amazon spokesperson said in a statement. "There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed."
Amazon--which is facing growing calls to be broken up in the United States--is also being investigated by E.U. antitrust authorities for allegedly unfairly favoring its own private-label brands, as well as over its voice assistants and data collection.
Why Your Ongoing Support Is Essential
Donald Trump’s attacks on democracy, justice, and a free press are escalating — putting everything we stand for at risk. We believe a better world is possible, but we can’t get there without your support. Common Dreams stands apart. We answer only to you — our readers, activists, and changemakers — not to billionaires or corporations. Our independence allows us to cover the vital stories that others won’t, spotlighting movements for peace, equality, and human rights. Right now, our work faces unprecedented challenges. Misinformation is spreading, journalists are under attack, and financial pressures are mounting. As a reader-supported, nonprofit newsroom, your support is crucial to keep this journalism alive. Whatever you can give — $10, $25, or $100 — helps us stay strong and responsive when the world needs us most. Together, we’ll continue to build the independent, courageous journalism our movement relies on. Thank you for being part of this community. |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Digital rights advocates on Friday applauded a EUR746 million fine levied against Amazon by a Luxembourg regulator for the tech giant's violation of European Union data privacy laws.
The record penalty--which converts to about U.S. $886 million--was imposed on July 16 by CNPD, Luxembourg's data protection agency, and disclosed in an Amazon regulatory filing (pdf) on Friday, according to Bloomberg.
CNPD said Amazon violated the E.U.'s General Data Protection Regulation (GDPR), which requires companies to seek users' consent prior to using their personal data.
\u201c\ud83d\udc4f\ud83c\udffc\ud83d\udc4f\ud83c\udffe\ud83d\udc4f\ud83c\udffb Congrats to @edri member @laquadrature who rallied 10K people in a collective plaintiff against Amazon for GDPR violations, resulting in a record breaking fine of 746 million.\u201d— EDRi (@EDRi) 1627657193
The fine--while small for a company whose revenue topped $386 billion last year--shatters the previous GDPR violation record of EUR50 million ($59.2 million) imposed by France's CNIL against Google in 2019. Responding to criticism about the relatively modest fines levied against companies like Amazon, CNPD Commissioner Marc Lemmer told Politico earlier this year that "the aim is not to have big sanctions--the aim is to have a change in culture."
The French digital rights group La Quadrature du Net ("Squaring the Net")--which filed a 2018 complaint against Amazon that led to the fine--and other advocacy organizations welcomed the CNPD sanction.
"It's a first step to see a fine that's dissuasive, but we need to remain vigilant and see if the decision also includes an injunction to correct the infringing behavior," La Quadrature du Net attorney Bastien Le Querrec told Bloomberg.
\u201cWhat can you expect from #Amazon and #AWS that provide services to most intelligence agencies including the #CIA and #NSO\u201d— EthicsInTech (@EthicsInTech) 1627668261
La Quadrature du Net said that "this 'party is over' sanction puts in even starker contrast the blatant abdication of the Irish Data Protection Agency who, in three years, was not able to close a single one of the four other actions we lodged against Facebook, Apple, Microsoft, and Google."
The group added that the fine "is also a cold shower for the French CNIL," which it called "but a shadow of its former self."
"Our collective actions were initially lodged before [CNIL], and would have given it a perfect opportunity to take the reins of enforcing the GDPR against the systemic violations of personal data and privacy, which lie at the heart of the business model of the web giants," La Quadrature du Net added.
Amazon--whose European headquarters are located in Luxembourg--responded to the fine by saying it believes the CNPD decision is "without merit" and that it would defend itself "vigorously in this matter."
"Maintaining the security of our customers' information and their trust are top priorities," an Amazon spokesperson said in a statement. "There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed."
Amazon--which is facing growing calls to be broken up in the United States--is also being investigated by E.U. antitrust authorities for allegedly unfairly favoring its own private-label brands, as well as over its voice assistants and data collection.
Digital rights advocates on Friday applauded a EUR746 million fine levied against Amazon by a Luxembourg regulator for the tech giant's violation of European Union data privacy laws.
The record penalty--which converts to about U.S. $886 million--was imposed on July 16 by CNPD, Luxembourg's data protection agency, and disclosed in an Amazon regulatory filing (pdf) on Friday, according to Bloomberg.
CNPD said Amazon violated the E.U.'s General Data Protection Regulation (GDPR), which requires companies to seek users' consent prior to using their personal data.
\u201c\ud83d\udc4f\ud83c\udffc\ud83d\udc4f\ud83c\udffe\ud83d\udc4f\ud83c\udffb Congrats to @edri member @laquadrature who rallied 10K people in a collective plaintiff against Amazon for GDPR violations, resulting in a record breaking fine of 746 million.\u201d— EDRi (@EDRi) 1627657193
The fine--while small for a company whose revenue topped $386 billion last year--shatters the previous GDPR violation record of EUR50 million ($59.2 million) imposed by France's CNIL against Google in 2019. Responding to criticism about the relatively modest fines levied against companies like Amazon, CNPD Commissioner Marc Lemmer told Politico earlier this year that "the aim is not to have big sanctions--the aim is to have a change in culture."
The French digital rights group La Quadrature du Net ("Squaring the Net")--which filed a 2018 complaint against Amazon that led to the fine--and other advocacy organizations welcomed the CNPD sanction.
"It's a first step to see a fine that's dissuasive, but we need to remain vigilant and see if the decision also includes an injunction to correct the infringing behavior," La Quadrature du Net attorney Bastien Le Querrec told Bloomberg.
\u201cWhat can you expect from #Amazon and #AWS that provide services to most intelligence agencies including the #CIA and #NSO\u201d— EthicsInTech (@EthicsInTech) 1627668261
La Quadrature du Net said that "this 'party is over' sanction puts in even starker contrast the blatant abdication of the Irish Data Protection Agency who, in three years, was not able to close a single one of the four other actions we lodged against Facebook, Apple, Microsoft, and Google."
The group added that the fine "is also a cold shower for the French CNIL," which it called "but a shadow of its former self."
"Our collective actions were initially lodged before [CNIL], and would have given it a perfect opportunity to take the reins of enforcing the GDPR against the systemic violations of personal data and privacy, which lie at the heart of the business model of the web giants," La Quadrature du Net added.
Amazon--whose European headquarters are located in Luxembourg--responded to the fine by saying it believes the CNPD decision is "without merit" and that it would defend itself "vigorously in this matter."
"Maintaining the security of our customers' information and their trust are top priorities," an Amazon spokesperson said in a statement. "There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed."
Amazon--which is facing growing calls to be broken up in the United States--is also being investigated by E.U. antitrust authorities for allegedly unfairly favoring its own private-label brands, as well as over its voice assistants and data collection.
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.