Amazon could be fined more than $425 million under the privacy law of the European Union, the Wall Street Journal reported, quoting people familiar with the matter.
The WSJ report said Luxembourg’s data-protection commission, the CNPD, has circulated a draft decision authorising Amazon’s privacy practices and proposing the fine among the bloc’s 26 other national authorities. This $425-million penalty could be the largest-ever fine under European Union privacy laws so far.
A source said the Luxembourg case pertains to alleged violations of EU's landmark data privacy rules General Data Protection Regulation (GDPR) and is related to Amazon’s collection and use of personal data. It has nothing to do with Amazon Web Services, its cloud-computing business. Under the rules and regulations of GDPR, companies are required to seek people's consent before using their personal data or face steep fines.
In 2019, another tech giant Google was fined $57 million by the French data regulator Commission nationale de l'informatique et des libertés (CNIL), for a breach of the EU's data protection rules.
According to CNIL, it had levied the fine for "lack of transparency, inadequate information and lack of valid consent regarding ads personalisation."
Popular microblogging site Twitter was also fined $547,000 by the Irish data regulator, Data Protection Commission in 2020, following a bug in its Android app that led to some protected tweets becoming public.
A MarketWatch report shed light on the monetary aspect of the possible penalty that the tech giant could face. As per the report, the potential fine amounts to a little over 0.1 percent of Amazon’s annual revenue in 2020, which stood at $386.1 billion. Under GDPR, a company can be fined up to 4 percent of its global sales for the most severe infringements of the law, which could lead to Amazon facing a maximum fine of $1.54 billion.
(Edited by : Shoma)