2 min

A European Union privacy regulator has proposed that a $425 million fine be levied against Amazon, as part of a process that could lead to the largest fine ever handed down under the EU’s law. The news comes from people close to the case.

The CNPD, Luxembourg’s data protection commission, has shared a draft decision that sanctions Amazon’s privacy practices and proposes the fine, to the 26 member states of the bloc. The CNPD is Amazon’s lead privacy regulator in the EU because the giant retailer chose to locate its EU headquarters in Luxembourg City.

Nothing official yet

Amazon declined to comment on early requests for a statement regarding this possible fine. The GDPR laws require that a company seek people’s consent before using their data or face fines based on how much revenue they pull in.

An EU court ruling in May annulled a court order that would have seen Amazon, which is headquartered in the Grand Duchy, pay back taxes to the country. A spokesman for the CNPD said that the regulator was not allowed to comment on individual cases and as such, nothing has been officially confirmed to the press yet.

Relatively low fines

The fine proposed here would represent about 2% of Amazon’s reported net income of $21.3 billion in 2020 and 0.1% of its $386 billion in sales. The GDPR says that regulators can fine up to 4% of a company’s annual revenue in such cases.

The numbers tell a story and it is not the kind people want to see. These fines are not impactful enough. If anything, these companies might not see this as punishment. A handful of objections to this Luxembourg draft have come through, with at least one saying that the fine should be significantly higher than this.