Now that Amazon’s Q2 earnings are in, it has submitted a 10-Q filing with the SEC that includes additional details like this eye-popping note about a fine imposed by Luxembourg’s National Commission for Data Protection (CNPD) (via Bloomberg).
On July 16, 2021, the Luxembourg National Commission for Data Protection (the “CNPD”) issued a decision against Amazon Europe Core S.à r.l. claiming that Amazon’s processing of personal data did not comply with the EU General Data Protection Regulation. The decision imposes a fine of €746 million and corresponding practice revisions. We believe the CNPD’s decision to be without merit and intend to defend ourselves vigorously in this matter.
That converts to about $887 million US, which would be the largest fine ever under Europe’s data protection law. The CNPD has not publicly committed on its decision, and Amazon didn’t specify what revised business practices the commission is proposing.
EU commissioners announced in November 2020 that it was their belief Amazon’s retail business misused non-public data to compete with other sellers in France and Germany. In a statement given to The Wall Street Journal, Amazon says, “The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation.” The WSJ notes that GDPR (General Data Protection Regulation) regulations allow for fines of up to 4 percent of a company’s revenue, with the released number amounting to about 4.2 percent of Amazon’s reported $21.3 billion income for 2020.