Amazon filed an appeal at the Luxembourg Administrative Tribunal on Friday challenging an $865M fine imposed by Luxembourg National Commission for Data Protection (CNPD). The penalty was handed down for violations of the EU’s General Data Protection Regulation (GDPR).
The retail giant was first brought under scrutiny by La Quadrature du Net, a French Privacy Advocacy group in 2018. The group filed a complaint which led to an investigation by CNPD. In July 2021, CNPD found that the processing of personal data by Amazon was not in compliance with GDPR. Amazon was subsequently asked to pay the penalty and improve its business practices. This unprecedented fine is the largest ever issued under GDPR. According to the law, authorities are allowed to impose fines of as much as 4% of a company’s annual global sales.
CNPD issued an earlier statement which said that the national law on data protection binds the authority to professional secrecy and therefore prevents it from commenting on individual cases. Amazon has not issued an official statement after filing the appeal, but did say in a related US Securities and Exchange Commission filing that, “We believe the CNPD’s decision to be without merit and intend to defend ourselves vigorously in this matter. There has been no data breach, and no customer data has been exposed to any third party.“