On July 16, 2021, the Luxembourg data protection authority (Commission nationale pour la protection des donées, “CNPD”) imposed a record-breaking €746 million fine on Amazon Europe Core S.à.r.l. for alleged violations of the EU General Data Protection Regulation (“GDPR”). The CNPD also ordered Amazon to revise certain of its practices. As Amazon has its EU headquarters in Luxembourg, the CNPD acts as Amazon’s lead supervisory authority in the EU.
Based on press reports and Amazon’s public statements, the fine appears to relate to Amazon’s use of customer data for targeted advertising purposes.
The amount of the fine is substantially higher than the proposed fine in a draft decision that was previously reported in the press.
Although the CNPD’s decision is not publicly available, the decision was confirmed by Amazon’s SEC 10-Q filing. Amazon indicated that it will appeal the decision.