Community Edition
Total Tests:
This Week:
Today:
Recent Blog Posts
REvil Ransomware Operator Behind The Kaseya Supply Chain Hack Sentenced To 13 Years In Prison
May 2, 2024
Four Iranian Hackers Charged With Cyberattacks On American Firms
April 25, 2024
An Ex-Amazon Security Engineer Gets 3 Years In Jail For Hacking And Crypto Theft
April 18, 2024
Hacker Fakes His Own Death To Avoid Child Support Payments
April 11, 2024
ATM Skimming Ring Leader Sentenced To 75 Months In Prison
April 4, 2024
Stay in Touch

Get exclusive updates and invitations to our events and webinars:


Your data will stay confidential Private and Confidential

ImmuniWebInternational Media Coverage

Amazon faces £635 million fine for GDPR violations

By Tom Allen for Computing
Friday, July 30, 2021

CNPD, the Luxembourg data regulator, handed Amazon the fine on the 16th July for violating the General Data Protection Regulation. The company released the details on Friday 30th July, saying in a statement, 'There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed. We strongly disagree with the CNPD's ruling.'

Ilia Kolochenko, a member of Europol Data Protection Experts Network and founder of ImmuniWeb, commented: "Contrasted to the common misconception, Article 83 of GDPR is very specific about its penalties: security-related incidents are fined by up to two per cent of the annual turnover, while violations such as lack of consent or unlawful data processing are punished more severely by a fine going up to four per cent. Thus, Amazon's statement that no data breach has occurred is probably not very relevant to the case.

Amazon, which has its EU headquarters in Luxembourg, plans to appeal the ruling, which Kolochenko said is likely to at least partly succeed: "In view of the recent GDPR-related litigation in the EU and available jurisprudence, the fine...indeed seems to be excessive and will likely be significantly reduced on appeal. Amazon will undoubtedly endeavour to win the case in court on appeal."

Full details about the case are not available, though we do know that the fine stemmed from a 2018 complaint from French privacy rights group La Quadrature du Net (LQN).

LQN has long fought against the commodification of peoples' personal data. In 2018, in concert with the launch of GDPR, it launched a series of complaints with the French data regulator, CNIL, against Google, Apple, Facebook, Amazon and Microsoft. CNIL handled the Google case, while handing others to its counterparts in Ireland and Luxembourg. It is likely that this complaint is the source of the Amazon fine.

Such a large penalty may have political and trade ramifications, Kolochenko said: "The outcome of this case will likely be influenced by politics, as such punitive actions by the EU may strongly discourage American companies doing business in Europe. Furthermore, it may motivate US states, that are now rapidly implementing state privacy laws, to retaliate by imposing mirrored penalties upon European companies. The long-awaited federal privacy law in the US should hopefully harmonise data protection regimes and finally bring a peace of mind both to consumers and businesses on the two sides of the pond." Read Full Article


Previous Media Publications:

SC Media: Top exploit list highlights the long tail of some vulnerabilities

Dark Reading: CISA, FBI Name the Most Exploited Vulnerabilities Over the Past Year

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
Your data will stay private and confidential