A report from the Wall Street Journal has revealed that online retail giant Amazon Inc. could potentially be facing a fine in excess of $425 million, should a privacy regulatory agency in the European Union’s Luxembourg have its way. If issued, this would become the biggest-yet penalty issued under the Union’s laws on privacy.
User Privacy at Risk
The agency in question happens to be the CNPD, Luxembourg’s national data-protection commission. The organization has reportedly circulated a draft of it decision regarding the proposed fine, to the remaining 26 data protection agencies across the Union.
CNPD has decided to move forward with the fine, owing to the fact that Amazon has supposed violated the General Data Protection Regulation (or GDPR) under Europe’s law. The violation is apparently in connection to the company’s collection and subsequent use of its consumers’ personal data, even though specifications are not known.
The move first came from Luxembourg, since it happens to be the Headquarters of the Jeff Bezos-led firm’s European operations. However, the draft decision still has a long way to go before it can be finalized, since it requires the agreement of all other privacy regulators in the EU to that effect. This could mean that the firm still has months to modify its practices, or convince the authorities, to take the order back (or at least reduce the burden).
Objections Calling for…..an Increased Fine
The proposed fine as of now stands at around 2% of Amazon’s reported net income in 2020, which was some $21.3 billion. The GDPR allows data commissions to fine up to a maximum of 4% of a firm’s annual revenue. So far, a few of CNPD’s counterparts have objected to the draft decision, but not all are in the negative.
Instead, it is reported that at least one of the objections calls for a higher fine. Luxembourg has the option of resolving the objections amicably, or downright rejecting them. The latter move will lead to a full-fledged vote among all the privacy regulators in the EU, at the European Data Protection Board.
Let’s Look at Ireland
Meanwhile, privacy violation cases elsewhere in the EU are also pending decisions. The privacy regulator in Ireland, which oversees the functioning of Alphabet Inc., Facebook Inc., and Apple Inc., has also said that at least half a dozen cases of privacy guidelines violations will have draft decisions made by the end of this year. These cases mainly involve the big tech companies, which have been under constant fire recently over mounting privacy security issues.