Amazon Fined Under EU General Data Protection Regulation
Privacy regulators in the European Union hit Amazon with a record fine of $887 million for advertising violations. It found that Amazon violated the General Data Protection Regulation (GDPR), the main body of data protection laws in the EU. The fine is the largest ever to be issued under the GDPR. The Luxembourg CNPD, the country’s data protection agency, brought the charges.
In response to the EU fine, Amazon stated that the decision was meritless. “The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation.”
The fine represents roughly 4.2% of Amazon net income for 2020, which equalled about $21.3 billion. Regulators may impose fines on companies that account for up to 4% of their annual revenue.
About the General Data Protection Regulation
The EU originally published the GDPR 2016. Engorcement began in 2018. The European Parliament and the Council of the European Union made th GDPR. They designed it to protect personal data and enhance individuals’ rights over their personal data. The GDPR also address how the EU should regulate data transfers outside of the EU.
A number of other countries have since modeled their privacy laws based on the framework provided by the GDPR. Argentina, Kenya, the UK, Japan, South Korea, and Brazil are some of the countries that have passed their own privacy laws. The GDPR inspired the drafting of their own privacy laws that relate to companies like Amazon. The GDPR has also been influential at the state and local government level. For example, the California Consumer Privacy Act (CCPA) has many similar provisions to the GDPR. The California legislature passed it in 2009.
Amazon Not the Only One Fined
The EU is not picking on Amazon. EU regulators have also hit other BigTech companies such as Alphabet, Apple, and Facebook with hefty fines. In 2019, the EU fined Google $57 million fine under the EU’s data privacy law. The EU penalized Google under the GDPR for not properly disclosing its data collection practices to users. It failed to disclose them across its service platforms, including YouTube and Google Maps, in the context of targeted advertising. At the time the charges, which France’s data protection authority brought, were only the fourth monetary penalty against any company under the GDPR.
Since then, regulators in the EU have ramped up efforts to reign in the privacy practices of large technology companies like Amazon. The GDPR has had a sweeping impact on tech companies and consumers alike. The increase in the number of consent boxes that have to be clicked has been one of the most noticeable results for the general public.
EU Regulators Take Tough Stance
Eu regulators haven’t just policed the data privacy practices of large companies. They have taken a tough stance on the tax and antitrust violations. Google faced a $5.15 billion antitrust fine for abusing its power over the mobile phone market. The EU decision stated that Google used its Android mobile operating system, in 80% of the world’s smartphones, to suppress competition from rivals. Google is seeking to overturn the ruling at a five-day court hearing scheduled for September 2021.
EU regulators have a number of antitrust investigations into Facebook’s advertising practices. They are probing into how Facebook uses advertising data in its classified ads business. Over the past decade, the EU has hit Facebook with fines totaling over $10 billion in a series of ongoing battles with EU regulators.
Not Just Big Companies Like Amazon
The news headlines have many stories doubt large tech companies facing penalties from EU regulators. But startups operating at a smaller scale should also take precautions in handling consumer data to remain out of the crosshairs of regulators. The consequences of GDPR noncompliance are steep. Under the GDPR, individuals have a right to file a complaint and seek damages when their data is mishandled. The definition of “personal data” under the GDPR is pretty wide-reaching. Furthermore, fines imposed by EU regulators can be up to 4% of the company’s global revenues.
Startups therefore need to implement comprehensive data management strategies. Measures should be taken to manage data in a transparent and secure fashion. The GDPR states that companies should minimize data usage to what is necessary to fulfill its purpose.