On October 15, 2021, according to several media outlets Amazon.com Inc. filed an appeal in the Luxembourg Administrative Tribunal to challenge the €746 million ($865 million) fine issued by the Luxembourg National Commission for Data Protection (CNPD) for alleged violations of the General Data Protection Regulation (GDPR). The fine, which was reportedly the largest ever imposed for alleged GDPR violations, was issued to Amazon’s main European entity Amazon Europe Core S.à r.l.
Amazon filed the appeal three months after the fine was issued by the CNPD on July 16, 2021. Amazon disclosed the fine on July 30, 2021 in a quarterly regulatory filing, providing that the reason for the fine was an alleged failure to process personal data in compliance with the GDPR. In the same regulatory filing, Amazon also revealed its intention to appeal, stating, “We believe the CNPD’s decision to be without merit and intend to defend ourselves vigorously in this matter.” In August of 2021, shortly after the fine was revealed, the Commission Nationale Informatique & Libertés of France (CNIL) reported that the recent decision against Amazon was associated with a 2018 complaint filed by French consumer advocacy group La Quadrature du Net that had accused Amazon of violating the GDPR for failing to obtain user consent in its targeted advertising practices. The CNIL indicated that it had referred the 2018 complaint to the CNPD because Amazon’s European operations were headquartered in Luxembourg.
CNPD News Release – August 2021