If the Luxembourg data protection watchdog (the CNPD) has its way, Amazon will have to pay $425 million in fines for breaching the General Data Protection Regulation (GDPR).
According to a Wall Street Journal report, Amazon’s retail business (i.e. not AWS), mishandled customer data – both when it was gathered and utilized – which resulted in a probe conducted by the CNPD.
It fell upon Luxembourg to deal with the matter, due to the fact that Amazon has its European headquarters in Luxembourg City, the country’s capital. The WSJ says the fine would equal two percent of the company’s global annual turnover ($21.3 billion for 2020) or roughly 0.1 percent of its sales ($386 million).
There’s still a long way to go before anything is finalized, however, as other European countries will have a say in the ruling as well. At the moment, it seems some parties are unsatisfied with the proposal, requesting an even greater fine for Amazon.
Under GDPR, a company can be fined up to four percent its global annual turnover, or €20 million, whichever sum is greater.
Luxembourg can either resolve objections amicably, the WSJ said, or reject them, which would result in a debate and vote among all EU privacy regulators.
Both Amazon and the CNPD declined requests for comment.