The fine was imposed on July 16 and disclosed on Friday in a financial file. This is the largest in the law’s three-year history, followed by the € 50 million fine imposed on Google in 2019.
Regulators have said Amazon’s processing of personal data does not comply with GDPR requirements, and the company has admitted that it has been ordered to change its business practices.
Amazon said the regulatory decision was “without merit” and added that it planned to “vigorously defend itself in this matter.”
“The decision as to how we show customers relevant advertisements is based on subjective and untested interpretations of EU privacy law, and the proposed fine is grossly disproportionate even with this interpretation,” said declared the company.
The sanction for the alleged violation was imposed by data regulators in Luxembourg, where Amazon has its European headquarters. A spokesperson for the Luxembourg data authority, the CNPD, declined to comment, citing the ongoing nature of the legal proceedings.
In another statement to CNN Business, Amazon said customer information was not disclosed or exposed.
“Maintaining the security of our customers’ information and their trust is a top priority,” the statement said. “There has been no data breach and no customer data has been exposed to a third party. These facts are undisputed.”
Under EU privacy law, breaches can result in penalties of up to € 20 million or 4% of a company’s worldwide turnover, whichever is greater. .