A European Regulator Proposes to Impose the Largest GDPR Fine Ever

The National Data Protection Commission for Luxembourg (CNPD) has reportedly proposed to impose a $425 million fine – which would be the largest GDPR fine ever – on Amazon.  Amazon maintains its EU corporate headquarters in Luxembourg.

In accordance with the GDPR process involving multi-jurisdictional cases, the CNPD circulated a draft decision among the other 26 national privacy authorities in the European Union.  The other regulators must agree on any draft decision before it becomes final.

The proposed fine pertains to Amazon’s alleged legal violations relating to collection and use of individuals’ personal data.  The alleged conduct reportedly does not involve Amazon Web Services, the company’s cloud computing arm.

The GDPR allows regulators to impose fines as large as 4% of the organization’s global revenue for certain violations.  Amazon reported $386.1 billion in annual revenue in 2020, and the proposed fine would constitute about 0.1% of that number.

The largest GDPR fine to date remains the €50 million ($57 million) fine imposed on Google in France in January of 2019.  The second-largest GDPR fine in the amount of €35 million ($41 million) was imposed by the German data protection authority in 2020 on the clothing retailer H&M for its unlawful employee-monitoring activities.

Take a tour of Clarip’s patented data privacy technology and learn how Clarip can help your enterprise comply with emerging state level data subject rights regulations. Call Clarip today at 1-888-252-5653 or schedule a Demo Online!