A European Union privacy regulator has proposed a fine of more than $425 million against Amazon for alleged violations of Europe General Data Protection Regulation (GDPR) laws.
Quoting unnamed people familiar with the matter, the Wall Street Journal reports that the penalty, if imposed, could be the biggest that’s ever been levied against a GDPR offender.
While the source declined to elaborate the specific allegations against Amazon, they did clarify that it doesn’t concern Amazon’s cloud computing business AWS.
Based on Amazon’s reported net income of $21.3 billion last year, the proposed fine represents about 2% of the company’s 2020 income, and a mere 0.1% of its $386 billion in annual sales. The GDPR allows regulators to impose fines up to 4% of a company’s annual revenue.
Just a draft
It is reported that the draft decision against Amazon is being circulated by Luxembourg’s data-protection commission, the CNPD, among the bloc’s 26 other national authorities.
With its EU headquarters in Luxembourg, Amazon comes within the jurisdiction of the CNPD, making it Amazon’s lead privacy regulator.
However, as per the Wall Street Journal, any GDPR draft decisions must be agreed by all other EU privacy regulators before they become final. This process could take several months, and perhaps even lead to substantive changes to the draft, including alterations to the fine in either direction.
In fact, if the source is to be believed the CNPD has already received a handful of objections to its draft decision, including at least one that’s calling for a higher fine.