The news: Amazon has been fined €746 million by European Union privacy regulators in Luxembourg—the largest privacy fine in EU history—for alleged data privacy violations, according to a securities filing released by Amazon. The fine, issued two weeks ago by Luxembourg’s data protection authority CNPD, accuses Amazon of violating the block’s General Data Privacy Regulations (GDPR) rules.
In addition to the monetary penalty, regulators have ordered Amazon to revise certain undisclosed business practices. And while specific details surrounding those business practices and the precise violations in question remain murky at the time of writing, Amazon has already spoken out forcefully against the ruling, saying it will appeal the ruling in court.
Why this matters: EU regulators have ramped up enforcement efforts against Big Tech companies in recent months, increasing both the frequency and severity of fines issued in line with GDPR rules.
More broadly, EU regulators have gained significant enforcement power since GDPR took effect in 2018: watchdogs are permitted under law to issue fines of up to 4% of a company’s annual global sales.
More enforcement power has resulted in more fines. Business law firm DLA Piper estimates there have been at least €142.7 million worth of GDPR-related fines issued between January 2020 and January 2021, a nearly 40% increase from the first 20 months since the law was in effect.
The bigger picture: Europe’s GDPR provides regulators with a clearer legal framework with which to base fines than regulators in other regions.
What’s next? Amid an emboldened European regulatory climate, tech firms, both large and small, will likely need to reassess and assure their GDPR compliance.