After a European Union data privacy regulator found that Amazon (AMZN) had violated the bloc’s signature privacy law, known as GDPR, in an advertising-related decision, the e-commerce giant faces a record-breaking €746 million (roughly $887 million) fine.
The fine was imposed on July 16 and revealed in a financial filing on Friday. It is the largest fine in the law’s three-year history, and it is followed by Google’s €50 million fine in 2019.
Amazon’s processing of personal data did not meet GDPR requirements, according to regulators, and the company acknowledged that it has been ordered to change its business practices.
Amazon called the regulatory decision “without merit” and promised to “vigorously defend ourselves in this matter.”
“The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation,” the company said.
Data regulators in Luxembourg, where Amazon has its European headquarters, imposed a penalty for the alleged violation. The Luxembourg data authority, CNPD, did not respond to a request for comment, citing the ongoing nature of the legal proceedings.
The fine is the latest example of European regulators focusing their attention on the tech industry. Officials in Europe and the United Kingdom have been increasingly scrutinizing the business practices of companies such as Amazon, Apple (AAPL), Facebook (FB), and Google (GOOG) amid claims that they have harmed competition and abused consumer privacy. GDPR, or the General Data Protection Regulation, aims to regulate data breaches and rein in how digital platforms use consumer data.
Customer information had not been leaked or exposed, Amazon said in a statement to CNN Business.
“Maintaining the security of our customers’ information and their trust are top priorities,” the statement said. “There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed.”
Violations of the EU’s privacy law can result in fines of up to €20 million or 4% of a company’s global revenue, whichever is higher.
