Amazon has been defeated in its appeal against a substantial fine levied by Luxembourg’s data protection authority. The company contested a record 746 million euro ($812.4 million) penalty, but the court sided with the regulator.
The Luxembourg National Commission for Data Protection (CNPD) announced that the country’s administrative court dismissed Amazon’s appeal on March 18. This decision upholds the CNPD’s original finding that Amazon violated the General Data Protection Regulation (GDPR), the EU’s comprehensive privacy law.
Europe has adopted a stringent approach to GDPR enforcement, setting a global standard for data protection. The CNPD penalized Amazon for its handling of personal data, claiming it was in breach of GDPR rules. Alongside the fine, the CNPD’s decision included measures for Amazon to rectify the identified issues. These measures remain suspended during the appeals process.
Amazon responded to the court’s ruling by stating that it is considering a further appeal. The company criticized the CNPD’s decision, claiming the fine was “unprecedented” and based on “subjective interpretations of the law about which they had not previously published any interpretive guidance.”
This case highlights the increasing scrutiny and significant penalties that companies face for failing to comply with GDPR. The outcome reinforces the importance of robust data protection practices, particularly for large multinational corporations.
