If this sanction were to be confirmed, it could be the heaviest fine ever imposed for non-compliance with the General Data Protection Regulation in Europe.
As Amazon’s European headquarters are in Luxembourg, it was the Luxembourg Data Protection Commission which proposed to the 26 other national authorities of the European Union to impose a very heavy sanction on the company for not compliance with the GDPR. The Wall Street Journal reports that the proposed fine represents 2% of the net income reported by Amazon, or $425 million (the equivalent of 350 million euros).
The heaviest fine under GDPR
The Luxembourg Data Protection Commission (CNPD) is Amazon’s main regulatory body within the European Union. This time around, they accused Amazon of failing to comply with the General Data Protection Regulation (GDPR). Amazon is said to have illegally collected and used the data of its users. According to a person familiar with the matter, they do not link this collection to the activities of Amazon Web Services (AWS) but to Amazon. The company has not yet declined to comment.
This sanction proposal is only at the draft stage for the moment. For it to be effective, the other European regulatory commissions must approve it. A process that could take months and result in substantial changes, including a higher or lower fine than the one proposed. Anyway, the Luxembourg Commission wants to strike hard by proposing such an exorbitant amount. Under GDPR, regulators can impose a fine of up to 4% of annual revenue .
GAFA are in the sights of regulators
A source who worked on the case told the Wall Street Journal that several people would have liked the fine for non-compliance with the GDPR to be even higher. The US digital giants are currently in the sights of all global regulators. In the United States, a bill could even reshape the way GAFAs thrive around the world. A bill that follows the antitrust hearings last summer. The chairman of the Antitrust Committee ended his speech this way: “Our founders refused to bow down to a king. So we don’t have to kneel before the emperors of the digital economy.“
In recent months, there has been an intensification of the application of the rules for protecting privacy by the European Union. On the other side of the Atlantic it is the same with the application of antitrust rules. Yet some privacy activists believe the pace of law enforcement is too slow. Since the GDPR came into effect in 2018, the biggest sanction imposed has been a €50 million fine against Google. It was France that handled the fine. If it approved the sanction of 350 million euros against Amazon, that would be historic.