Why Amazon Was Fined $887M, And How EU’s Data Law Keeps Tripping Up Tech Giants


Amazon has revealed that it has been handed a massive fine of close to $900 million under the European Union (EU)’s data protection law. Tech giants have increasingly come under scrutiny of regulators in EU following its enactment of the General Data Protection Regulation (GDPR) in 2018, which is seen as giving them enough teeth to go after any abuse of users’ data. While Amazon has said it will challenge the penalty, here’s all you need to know about the European law and why the e-commerce behemoth has fallen foul of it.

How Did Amazon Get Fined?

The penalty on Amazon has been imposed by Luxembourg’s National Commission for Data Protection (CNPD), reportedly in a case brought before it in 2018 by French privacy rights group La Quadrature du Net, which alleged that the e-tail giant had manipulated customers’ data to show what advertising and information they receive.

The rights group said in a post that the “collective complaint” against Amazon was filed by 10,000 people and the ruling now vindicates their stand that “the advertising targeting system imposed by Amazon is carried out without our free consent, in violation of the GDPR”. It added that the penalty “is the new European record for fines pronounced against a violation of the GDPR”.

What Does GDPR Say?

You may have noticed that many websites, especially the ones being run out of Europe, now seek your consent on their use of cookies when you visit their pages. That is thanks to GDPR, which came in to effect in 2018. The basic idea espoused by the regulation is that companies should obtain explicit consent of users before leveraging any data or information that they glean from them. And it seeks to achieve its goal by the imposition of steep fines.

According to the French rights group, before the Amazon fine, the largest penalty slapped on a tech giant was on Google in 2019. The French data privacy watchdog had asked the internet search giant to pay up $57 million, reportedly after finding that the “advertising targeting on its Android operating system does not comply with the general data protection regulations”.

Reports say that it took over three years of negotiations among EU members to thrash out the GDPR stipulations and these have now been incorporated as part of their national laws, which means that companies can face action across jurisdictions for violation of the rules.

Explaining what GDPR is, the EU says it “is the toughest privacy and security law in the world”. It underlines how, despite being a law put in place by EU, it “imposes obligations onto organisations anywhere, so long as they target or collect data related to people in the EU”.

“The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros,” it says. The maximum penalty for the violation of GDPR laws is 4 per cent of a company’s global annual turnover, or $23 million, whichever is higher. Which means that the more profitable a company, the greater the costs it may face for running foul of GDPR requirements.

What Has Amazon Said?

Following the penalty imposed on it in France, Google had appealed the decision, but the country’s highest administrative authority had in June last year dismissed the challenge, saying it agreed that the information that Google shared with users did “not meet the requirements of clarity and accessibility required by the GDPR”.

The Council of State, the French government body that is also the court of last resort for matters of administrative justice, also held that the fine on Google was not disproportionate “given the particular seriousness of the breaches committed, their continuous nature and duration, the ceilings provided for by the GDPR and Google’s financial situation”. After its appeal was dismissed, news agency AFP had quoted Google as saying that it would “examine the changes we need to make”.

Disclosing the $885 million (euros 746 million) fine in a US Security and Exchange Commission (SEC) filing, Amazon said it believes the “decision to be without merit” and that it intends to “vigorously defend” itself in the matter.

A statement from Amazon further stated that there “has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed”. It added that the “the decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation”.

Read all the Latest News, Breaking News and Coronavirus News here

Source link


Please enter your comment!
Please enter your name here