Learn from Amazon fine following GDPR


Amazon has been fined with a hefty fine of €746 million ($887 million) for an alleged violation of GDPR due to its targeted advertising.

To date, it remains the largest penalty to be imposed on any company for a breach of the EU’s three-year-old General Data Protection Regulation (GDPR).

The Luxembourg National Commission for Data Protection (CNPD) ruled against Amazon on July 16, 2021, declaring that Amazon didn’t comply with the GDPR while processing personal data.

Business owners must be aware of the consequences that might follow GDPR violations. It is a harsh truth, but one everyone should know.

Action Needed from Amazon and their Reaction

Apart from paying the €746 million fine, the CNPD judgment also makes it necessary for Amazon to make appropriate practice revisions. The company argues that their decision on how they show their customers relevant ads depends on a subjective definition of the European privacy law yet to be tested. Amazon strongly feels that the fine is unjust, and they intend to fight this verdict vigorously.

As Luxembourg houses Amazon’s EU headquarters, its European operations come under the scope of the country’s CNPD. The fine does appear hefty, but it’s still no more than pocket change for the multinational e-commerce giant as Amazon, as of June 2021, held as much as $89.9 billion in cash and equivalents.

Action by the European Commission

The European Commission also alleged misuse of data by Amazon to use private information of customers for favoring their own business over third-party merchants and filed antitrust charges. This case might result in an imposition of a further fine of up to 10% of the annual global revenue it makes.

The GDPR, which came into effect in May 2018, makes it mandatory for a company to disclose the data it collects from users and what purpose it is to be used for. Thus, thousands of services had to adapt their operations to comply with such requirements.

What is the General Data Protection Regulation?

GDPR is a regulation that seeks to protect the personal data privacy of EU citizens and is a body of regulations that companies must abide by to ensure user data privacy. Data exported outside the EU is monitored as well under this regulation. The GDPR replaced an outdated 1995 data protection directive after being adopted in April 2016.

To ensure compliance with the GDPR, companies might have to invest significantly, more so if there are no processes in place currently. The regulation is uniformly applicable in all of the EU’s 28 member nations. Despite the costs involved, compliance with the GDPR is a must as concerns about the collection, sharing, and storage of data keep growing.

Why is GDPR Important?

GDPR is important as this body of rules ensures a great deal of improvement in the protection of the data rights of European citizens. It also acts as a set of guidelines which clarifies clarifying what companies need to do to protect their rights. All companies dealing with data of European Union citizens must abide by the new GDPR rules.

The GDPR grants certain rights to individual users whose data is being processed by a company. There are eight distinct rights outlined in Chapter 3. The GDPR grants each citizen the right to know what data is being collected, how it is being shared, the right to object to the sharing of data, and most importantly, the right to have any data erased.

The General Data Protection Regulation has been a landmark initiative in ensuring that the individual privacy of EU citizens is protected by companies. It imposes restrictions on what companies do with user data so that there’s no threat to individual security and privacy.

Consumers Take Action Themselves

Despite regulations restricting the use of private individual data, privacy violations still occur, and threats to data security remain. To protect themselves, many netizens choose a VPN app. A Virtual Private Network encrypts the connection between your device and the internet. Thus, it hides your IP address and browsing information. Hiding the surfing history keeps advertisers from creating your profile for targeted advertising. This gives you more privacy, and many take advantage of such privacy-focused solutions.


Individual data protection and privacy have assumed greater significance, with incidents of data breach becoming more frequent. Access to individual data and its use should be monitored to prevent its misuse. Hefty penalties being imposed on companies for violation of privacy laws should be an effective deterrent. Individual privacy rights should be protected and given priority.