Home https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Business https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Amazon faces possible $ 425 million EU privacy fine

Amazon faces possible $ 425 million EU privacy fine

An EU privacy regulator has proposed a fine of more than $ 425 million to Amazon.com Inc.,

AMZN 1.33%

part of a process that could give the largest yet punishments under the bloc’s privacy law, said people familiar with the case.

The Luxembourg Data Protection Commission, CNPD, has issued a draft resolution sanctioning Amazon’s privacy practices and proposing the fine among the bloc’s 26 other national authorities, the people said. The CNPD is Amazon’s leading privacy regulator in the EU because Amazon has its EU headquarters in the Grand Duchy.

The Luxembourg case concerns alleged violations of Europe’s General Data Protection Regulation or GDPR, which is linked to Amazon̵

7;s collection and use of personal data and is not related to its cloud computing business, Amazon Web Services, one of the people who are familiar with the matter said. The person refused to elaborate on the specific allegations against Amazon.

An Amazon spokesman declined to comment. The company has previously said that privacy for its customers is a priority and it complies with the laws of all countries where it operates. A spokesman for the CNPD said the regulator was not allowed to comment on individual cases.

Before the draft decision can be finalized, it must be effectively adopted by other EU legislators on privacy, a process that can take months and lead to significant changes, including a higher or lower fine.

The fine proposed by Luxembourg represents approx. 2% of Amazon’s reported net income of 21.3 billion. $ 2020 and 0.1% of its $ 386 billion. $ For sale. Under the GDPR, regulators can fine up to 4% of a company’s annual turnover.

Luxembourg’s regulator has received a handful of objections to its draft decision, including at least one saying the fine should be higher, said another of the people familiar with the case. Luxembourg can either resolve objections amicably or reject them and trigger a debate and vote among all EU legislators on privacy in the European Data Protection Board.

The EU’s new data protection law, known as the GDPR, has created the first ever Bill of Rights for consumer privacy. Here’s what you need to know. (Originally published August 8, 2018)

The draft decision, along with the size of the fine, signals a new wave of confidentiality enforcement against major technology companies in Europe when giants in Silicon Valley are under increasing global control.

Ireland’s privacy regulator, who leads GDPR enforcement for Facebook Inc.,

Alphabet Inc.’s

Google and Apple Inc.

because their EU headquarters are in the country, has said it expects to draft decisions in about half a dozen privacy cases involving major technology companies this year.

An Irish draft decision circulated to other regulators alleges violations of the GDPR related to Facebook’s data sharing between its social network and its chat app WhatsApp. According to the draft decision, a fine of approx. 30 million euros to 50 million euros, according to people familiar with the matter, equivalent to about $ 37 million to 61 million dollars.

Representatives of Facebook did not immediately respond to requests for comment. When a spokesman was previously asked about the case, a spokesman declined to comment.

The EU’s increasing enforcement of privacy is accompanied by increased enforcement of cartels, with European and US regulators initiating more cases against large technology companies. Last week, the best competition authorities in the UK and EU announced formal antitrust probes in Facebook’s dating service and its classified ad service Marketplace.

A Facebook spokesman said last week that its Marketplace and dating services “operate in a highly competitive environment with many large established companies. We will continue to work fully with the investigations to demonstrate that they are non-profit.”

When it comes to privacy, activists have complained that Europe’s pace of enforcement is too slow. Since the GDPR came into force in 2018, the biggest sanction under the law has been a fine of € 50 million. Against Google from France’s privacy regulator, according to law firm DLA Piper.

Ireland, which leads EU enforcement for many of the largest US technology companies, has come under particular fire from activists and politicians for failing to make more decisions. So far, the authority has issued a final decision in a big-tech case, with Twitter bidding € 450,000 in December.

In response to criticism, Helen Dixon, head of Ireland’s confidentiality authority, said the technical cases are new and that companies should have their rights to respond substantially to all allegations or risk being thrown later in court.

Write to Sam Schechner at sam.schechner@wsj.com

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8

Source link