(Bloomberg) — Amazon.com Inc. faces the biggest ever European Union fine for a data privacy breach as its lead watchdog hit it with a 746 million-euro ($888 million) penalty for violating the bloc’s tough data protection rules.
The Luxembourg data protection authority’s decision on July 16 was disclosed in a regulatory filing by Amazon on Friday. The decision said Amazon’s “processing of personal data did not comply with the EU General Data Protection Regulation.”
Amazon said in the filing the fine is “without merit” and will “defend ourselves vigorously in this matter.” The firm will appeal the decision.
The decision concludes a probe started by a 2018 complaint from a French privacy rights group.
“There has been no data breach, and no customer data has been exposed to any third party,” Amazon said in a statement. “These facts are undisputed. We strongly disagree with the CNPD’s ruling.”
EU data protection regulators’ powers have increased significantly since the bloc’s so-called General Data Protection Regulation, or GDPR, took effect in May 2018. It allows watchdogs for the first time to levy fines of as much as 4% of a company’s annual global sales. The biggest fine to date was a 50 million-euro penalty for Google issued by France’s CNIL.
CNPD, the Luxembourg data watchdog, didn’t immediately respond to an email seeking comment. Local laws bind the Luxembourg authority to professional secrecy and prevent it from commenting on individual cases, or confirm receipt of a complaint.
More stories like this are available on bloomberg.com
©2021 Bloomberg L.P.