The GDPR law has been in effect since 2018, and since then many companies have been fined for their lack of concern for customers’ data privacy. What is the difference between how Amazon and Facebook were fined? Why did Amazon get fined more than others?
The General Data Protection Regulation (GDPR) came into force on May 25th, 2018. A key aspect of this regulation is that it does not allow any company to process data from European Union citizens unless they have explicit consent. In other words, if you
are an EU citizen and you do not give your permission, then no one can collect your personal information or use it for anything else - including marketing purposes. It also requires companies to report breaches within 72 hours of detection.
Over the past few years, Amazon has received various fines for their use of users’ data, including web cookies to track activities, without proper consent. But this latest fine is significantly higher than past fines. And not only is it higher, it’s substantially
more than the fines received by any other companies for data breaches such as British Airways, H&M, Marriott and Google.
Inappropriate handling of data
Luxembourg's National Commission for Data Protection has slapped Amazon with the $886.6 million fine as it claimed that personal information was handled inappropriately and did not comply with European Union law; this is an unparalleled fine amount, now
set by Luxembourg as precedent where other countries are yet to enforce such penalties on companies who break these laws, or who fail to maintain their standards when processing sensitive user data.
In response to the fine, Amazon said:
“We believe the CNPD’s decision to be without merit and intend to defend ourselves vigorously in this matter.”
It seems that there are many who believe large tech corporations such as Google, Facebook, and Amazon abuse their power. This most recent fine is a sign of more regulation to come for these companies.
Violating EU data law
Amazon was fined for allegedly violating EU data law, but the exact details are still unknown. What we do know about the breach is that it must be reasonably serious given that regulators take into account things like how significant and long-lasting a company's
actions were before deciding on an appropriate penalty. What this means is simple – it’s time to take data regulation and legislation seriously.
An Amazon spokesperson said that maintaining the security of customers' data and their trust are top priorities.
"There has been no breach, and customer information was not exposed to any third party."
The firm strongly disagrees with the ruling from CNPD and will appeal it in court.