The US company Amazon announced, on Friday 30 July, that it had been fined €746 million after the Luxembourg National Data Protection Commission (CNPD) found it in breach of the General Data Protection Regulation (GDPR).
The CNPD “claims that Amazon’s processing of personal data did not comply with the EU General Data Protection Regulation”.
For its part, Amazon said, in a statement, that the regulatory decision was “without merit” and that it plans to “defend ourselves vigorously in this matter”.
“There has been no data breach, and no customer data has been exposed to any third party”, the e-commerce giant insisted.
This record fine is not a first for Amazon. At the end of 2020, the French Commission Nationale de l'Informatique et des Libertés (CNIL) fined the company €35 million for the management of its cookies policy.
Amazon is not the only company to be targeted by national and European authorities for non-compliance with data protection rules. On the same day as the fine against Amazon, the CNIL also punished Google to the tune of €100 million.
However, the record fine imposed on Amazon does not match the $5 billion fine imposed by the US justice system on Facebook in 2020, due to failure to protect its users’ data. (Original version in French by Thomas Mangin)