Amazon was fined 746 million euros for failing to comply with new European regulations on the protection of internet users' private data, the heaviest financial penalty ever imposed under these rules. At the origin of this conviction, the association for the defense of freedoms La Quadrature du Net, which had filed five complaints against GAFAM.

Amazon was fined 746 million euros for failing to comply with the new European regulation on the protection of the private data of Internet users (GDPR), the heaviest financial penalty ever imposed under these rules.

At the origin of this conviction, the association for the defense of freedoms La Quadrature du Net, had filed five complaints with the French gendarme of personal data, the Cnil, against Amazon, Apple, Google, Facebook and Microsoft at the end of May 2018, after the entry into force of the GDPR regulations.

>> Find Europe evening in replay and podcast here

Amazon plans to "appeal"

Amazon having its headquarters in Luxembourg, the CNPD transmitted the file, which resulted in this fine, imposed in mid-July by the Luxembourg data protection commission (CNPD) but only announced on Friday by Amazon in a stock market document.

The CNPD "affirms that the processing of data by Amazon did not comply with the European Union's data protection regulations," said the internet giant in its stock market document.

This conviction is "unfounded", said Amazon, specifying in a separate statement that it intended to "appeal".

"There has been no data leakage, and no customer data has been exposed to any third party," adds the group, which has been sentenced to the heaviest fine ever imposed by a national authority for violating the rules. GDPR.

Amazon, which presented a disappointing quarterly turnover the day before, saw its title fall by more than 7% on the stock market after the opening of Wall Street.

The web giant had already been sentenced at the end of 2020 to a fine of 35 million euros by the Cnil for non-compliance with the legislation on cookies, advertising tracers.

Google had for its part taken a fine of 100 million euros, as well as another of 50 million euros, the latter being already linked to the GDPR.

This sanction "strikes at the heart the system of predation of GAFAM"

The latest report from the European Commission from June 2020 on the implementation of this regulation reports around 785 fines issued by 22 data protection authorities in the EU between May 25, 2018 and November 30, 2019. amounts mentioned are generally much lower than the fine imposed on Amazon.

Asked by AFP, the CNPD said it was "not authorized to comment on individual cases", although it confirmed having rendered a decision on July 15 concerning Amazon in connection with the GDPR regulations.

"This historic sanction strikes at the heart of the system of predation of GAFAM and must be applauded as such," responded the Quadrature du net in a statement sent to AFP.

The association recalls that its complaint was aimed at "the advertising targeting system imposed by Amazon (...) carried out without our free consent".

"In contrast, this historic sanction makes even more glaring the widespread resignation of the Irish data protection authority which, in three years, has not been able to close any of the other four complaints we have brought against Facebook, Apple, Microsoft and Google ", also protests the association.

Gafam is regularly criticized for the way they use the personal data of their users.

Brussels tried to bring order by imposing in 2018 its general data protection regulation, which has established itself as a global benchmark.

Businesses must seek consent from citizens when requesting their personal data, inform them of the use that will be made of it and allow them to delete the data.

Violations can be punished with heavy fines.

According to the new European regulation on digital services, platforms will no longer be able to use data collected through several services to target a user against their will.

They will also have to provide client companies with access to the data they generate. 

Outside of Europe, the American justice validated in 2020 a fine of 5 billion dollars imposed on Facebook for failing to protect personal data.