Amazon Receives $887 Million EU Fine for Data Privacy Violations

Written by: Alyssa Feliciano, Esq.

On July 16, 2021, the EU’s Commission Nationale pour le Protection des Données (“CNPD”) fined Amazon the equivalent of $887 million dollars after it determined that Amazon was processing personal data in violation of the GDPR.  Amazon representatives released a statement that the finding was without merit, citing that Amazon experienced no data breach and that customer data was not exposed to any third parties.  An appeal to this decision is forthcoming.

A decision has not yet been published by the CNPD, which would provide more details on how Amazon allegedly violated the GDPR.  The CNPD indicated this decision will not be released until the appeal deadline has expired.  Amazon has made it clear there will be aggressive opposition to the decision throughout the appeal process.

The fine follows a few other notable data privacy decisions from the EU, such as Google’s 50 million euro fine, which signals that businesses can expect a continued vigorous enforcement of the GDPR.