Amazon brought back to earth with a bang
Over the weekend it was reported that Amazon had been subject to regulatory investigation by Luxembourg's data protection regulator, resulting in a substantial fine.
The size of the fine... a mere €746 million.
At the moment we have no detail as to what Amazon has done to incur the wrath of Luxembourg's data protection regulator, the fine having only come to light as a result of it being mentioned in Amazon's quarterly earnings report. However, it's safe to assume that for such a fine to have been levied Amazon must have flagrantly and repeatedly committed the most serious to breaches of GDPR, across multiple jurisdictions.
For those wondering, the reason why Luxembourg's data protection regulator is involved is because Amazon has its primary base in Luxembourg, for tax reasons, and article 60 of GDPR enables one regulator to take action on behalf of other data protection regulators in the EU where breaches cross numerous jurisdictions.
At the moment information is scarce because, under Luxembourg law, the data protection regulator is unable to publish any information regarding the investigation until such time as Amazon has either failed to appeal within the appeal timescales, or any appeal that it has made fails. What we can understand from this, though, is that regulators are not shy of taking on even the biggest companies, with Amazon the latest in a long line of huge multinational corporations being investigated and fined by data regulators.
The most likely outcome is that Amazon will appeal and will successfully reduce the amount of the fine to something eye-watering, but significantly less eye-watering, than the one currently being reported. In any event, it serves as a warning for all companies that data protection, and compliance with data protection laws, is vitally important for all businesses.
These notes have been prepared for the purpose of articles only. They should not be regarded as a substitute for taking legal advice.