Tel. +44 (0)20 7287 4414
Tel. +44 (0)20 7287 4414
The Bruges Group spearheaded the intellectual battle to win a vote to leave the European Union and, above all, against the emergence of a centralised EU state.
The Bruges Group spearheaded the intellectual battle to win a vote to leave the European Union and, above all, against the emergence of a centralised EU state.

Bruges Group Blog

Spearheading the intellectual battle against the EU. And for new thinking in international affairs.

Amazon Faces Potential EU Privacy Fine of $425 Million


Amazon could lose $425 million in fines after allegations of violation of EU data-protection laws according to Luxemburg's data-protection commission, CNDP. 

For many large tech companies, user data is their bread and butter. Not only do they store and catalogue it, they use it to improve how their site is perceived by users. As harmless as it sounds, there is a huge debate around how user data is obtained, what kind of data is obtained and how it is used.

Such allegations are not uncommon for a lot of online platforms including online casinos. While a lot of online casinos face complaints regarding leaking their users' data, some are on the right state of doing business. Check out this Casimba Casino Review to know all about them!

User data helps companies understand customer trends, tailor experiences, drive product direction and show problems in current implementation of marketing strategies.

A relatively small company can achieve great success with little if they are able to implement their collected user data correctly. There are companies that collect and store data for larger corporations. However, the data that can be collected is governed by factors of privacy, legality, security and ethicality. These factors also influence how the collected data is used and responsibilities towards customers.

On 15th May 2018, the EU enacted the General Data Protection Regulation or GDPR, the most stringent and toughest privacy and security law in the world. Violators of the law will have large fines levied against them. The law has been proposed at a time where more and more people are entrusting personal data to cloud services and breaches becoming commonplace.

According to the GDPR, complaints against violators go to where that company's EU headquarters are and for Amazon that is in Luxemburg and Luxemburg's privacy regulator, CNDP has found Amazon in violation of the GDPR based on their usage and collection of user data and has circulated a draft decision amongst the rest of the EU nations, encouraging them to sanction Amazon's privacy practices and enforce the fine on the retailing giant.

Before the decision is made final, it has to be approved by other EU privacy regulators and this process could take months and may lead to major changes including a higher or lower fine.

However, amongst the various objections against the fine, the most wanted is to increase the amount of the fine as $425 million is a drop in the ocean when considering Amazon's net income of $21.3 billion for 2020. When considering the proposed fine against their annual sales of $386 billion, it looks rather tame. According to the GDPR, privacy regulators can fine up to 4% of a company's annual income.

The DPC, Ireland's data protection commission leads GDPR enforcement for Facebook, Google and Apple as their EU headquarters are based there says that it expects to make about half a dozen draft decisions in various privacy cases involving large tech companies.

However, many privacy activists claim that Europe is not moving fast enough to enforce regulations and not issuing larger fines against violators. Since the GDPR came into effect in 2018 the largest fine was for $60.5 million against Google from France's privacy regulator CNIL, according to law firm DLA Piper.

Amongst all this the DPC has been particularly scrutinized by politicians and activists about not issuing more draft decisions. The latest decision that was finalized was a $544,770 fine against Twitter.

Firstly, Ireland hosts several of big tech's EU headquarters and this puts a lot of pressure on the DPC. Ireland's privacy regulator is quite small and is not funded as well as other country's regulators. It gets by on about $20 million where the UK has over $80 million in funding.

In order to be able to keep up with the huge case load, many pundits have said that the DPC will need significant funding. Even though the DPC has had its funding increased and added more staff recently, progress is slow and criticisms are many.

One is towards the GDPR's rule about funneling complaints to the country where the company's EU headquarters are based. Katherine Kelber, the director of training at Castlebridge suggested taking a pan-European approach instead of putting all the pressure on a single nation.

A reason for the slow pace of enforcement is the fact that regulators want to ensure that their decisions aren't repealed in court, so they take their time to ensure a proper argument.

Of course, regulators can't just fine big tech, they can also stop a company from collecting data, either temporarily or permanently and this could affect companies like Amazon, Facebook and Twitter greatly.

Europe's new GDPR sets a new precedent for large tech companies like Amazon, with it slated to receive a $450 million fine. 

Font size: +

Contact us

Director : Robert Oulds
Tel: 020 7287 4414
Chairman: Barry Legg
The Bruges Group
246 Linen Hall, 162-168 Regent Street
London W1B 5TB
United Kingdom
Founder President :
The Rt Hon. the Baroness Thatcher of Kesteven LG, OM, FRS 
Vice-President : The Rt Hon. the Lord Lamont of Lerwick,
Chairman: Barry Legg
Director : Robert Oulds MA, FRSA
Washington D.C. Representative : John O'Sullivan CBE
Founder Chairman : Lord Harris of High Cross
Head of Media: Jack Soames