The EU has fined Amazon a record €746 million ($887m) for GDPR violations related to ad targetting.
The decision stems from a 2018 complaint by French privacy rights group La Quadrature du Net, which alleged that Amazon’s ad targetting doesn’t obtain free consent from users.
The ruling, which was issued by Luxembourg’s data protection authority (CNPD) on July 16, was disclosed by Amazon in a regulatory filing on Friday.
The CNPD oversees Amazon’s operations in Europe because the company’s EU headquarters are based in Luxembourg.
The watchdog said that “Amazon’s processing of personal data did not comply with the EU General Data Protection Regulation. The authority is also asking for undisclosed “practice revisions.”
In a statement, Amazon said it plans to appeal the decision:
There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed.
We strongly disagree with the CNPD’s ruling, and we intend to appeal. The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation.
The penalty would be the largest ever imposed for a GDPR breach. The previous record of $118.82m ($100m) was dished out to Google last year for violating rules on ad trackers.
The eye-popping sum still wouldn’t be a huge dent in the coffers of Amazon. The e-commerce giant just posted its third $100 billion quarter in a row.
Greetings Humanoids! Did you know we have a newsletter all about AI? You can subscribe to it right here.