Record fine for Amazon: GDPR violation costs 746 million euros

initiation

Protecting personal data is of paramount importance in today's digital world. Companies that oppose the General Data Protection Regulation (GDPR) If they violate the European Union, they must expect significant consequences. A recent example of this is the online giant amazon, which for breaches of the GDPR is subject to a fine of 746 million euros was convicted. This article sheds light on the background, the course of the proceedings and the possible consequences of this judgment.

Background to the case

In July 2021, the Luxembourg Data Protection Authority imposed Commission Nationale pour la Protection des données (CNPD) a fine of 746 million euros against Amazon. The allegation: Amazon has personal data of its users without their express consent for interest-based advertising processed and therefore violate Articles 6, 12 to 17 and 21 of the GDPR.‍

The CNPD also required Amazon to adjust its data processing practices accordingly to meet the requirements of the GDPR. Amazon denied the allegations and appealed the decision.‍

Court decision

On March 18, 2025, the Luxembourg Administrative Court upheld the CNPD's decision and dismissed Amazon's appeal. The court found that Amazon had breached several provisions of the GDPR, in particular in connection with the processing of personal data for advertising purposes without valid consent from the data subjects.

The ruling underlines the importance of compliance with GDPR requirements and signals that breaches of data protection regulations can have serious financial consequences.

Amazon's response

Amazon was disappointed with the verdict and announced that it would consider further legal action. The company argued that the CNPD's decision was based on “subjective interpretations of the law” and that there had been no clear guidance before. Amazon also stressed that there was no personal data breach and no customer data was shared with third parties.

Importance for data protection

This ruling has far-reaching implications for companies operating in the European Union. It clearly shows that data protection authorities are prepared to impose heavy penalties for breaches of the GDPR, particularly when it comes to processing personal data without valid consent.

Companies should therefore ensure that their data processing practices comply with the requirements of the GDPR to avoid similar sanctions.

Conclusion

The Amazon case illustrates the strict stance of European data protection authorities against breaches of the GDPR. Companies are required to regularly review their data protection practices and ensure that they comply with legal requirements. This is the only way they can maintain the trust of their customers and avoid legal consequences.

‍

If you have any questions about our blog posts, our repricing software or our consulting solutions, please contact us at:

email: support@metaprice.de

‍Telephone: 0214/33010250

Whatsapp: 0163/2202270

About our free test accounts:

‍Free test account for our Amazon Repricer

‍Free test account for our eBay Repricer‍

‍Free test account for our Kaufland Repricer

‍

‍