General Data Protection Regulation (GDPR)
,
Standards, Regulations & Compliance
E-Commerce Giant Accuses Luxembourg Regulators of Attacking the Company
Amazon in a Luxembourg court Tuesday contested a once-record privacy fine levied against the e-commerce giant for its advertising practices by the diminutive country’s data protection authority.
See Also: Live Webinar | Integrating Splunk and Panther for Real-Time Alerting and Custom Dashboarding
At the hearing in Luxembourg’s administrative court, Amazon lawyer Thomas Berger accused the Luxembourg regulator of attacking the company based on unfound allegations, Bloomberg reported. Amazon’s European headquarters is in the country.
The fine of 746 million euros stems from French privacy group La Quadrature du Net’s 2018 complaint alleging that Amazon Europe and its British subsidiary Amazon Video Limited relied on terms and conditions that wrongly interrupted the legal basis for consent and data collection to process its customer data for ad personalization, violating consent and transparency requirements under the General Data Protection Regulation.
Amazon’s once record-setting fine was surpassed last May when European regulators fined Facebook 1.2 billion euros over the issue of data transfers to the United States.
An Amazon spokesperson on Thursday said that the company had appealed the Luxembourg decision because it “strongly disagreed” with the National Data Protection Commission, known as CNDP in France.
“Despite our best efforts to engage constructively, CNPD imposed an unprecedented fine based on subjective interpretations of the law about which they had not previously published any interpretive guidance,” the spokesperson told Information Security Media Group.
A CNDP spokesperson told ISMG that it is currently awaiting a final decision on the case and that “CNPD continues to stand by its line of argumentation.”
The issue of user consent under the GDPR has turned into a multibillion-dollar question for American tech companies. In Irish court, Facebook is fighting an attempt by European regulators to prevent it from relying on personal data to deliver advertising absent the explicit consent of users. The social media giant has relied on provisions in the notoriously complex privacy regulation that allow companies to process personalize data based on “contractual necessity” or “legitimate interests,” justifications that regulators have shot down (see: Europe Clamps Down on Meta Ad Personalization).