Amazon’s GDPR Penalties

A massive fine against Amazon for GDPR violations was instituted this month, and now the corporate giant is appealing the decision.  Insisting the $865 million penalty is completely baseless and unwarranted, Amazon has taken its issue up with the Luxembourg Administrative Tribunal after the country’s data protection regulator levied the fine in July.  Indeed, Amazon claims there was no violation or even any data breach exposing customer data to a third party.  This story goes back to 2018, when a French privacy group’s complaint got the ball rolling, providing yet another opportunity to test GDPR’s teeth.

Since its initial enforcement, the new European regulation has transformed the way businesses worldwide think about and handle data.  Financial penalties of up to 4% of a firm’s annual global sales can ensue if one doesn’t adhere to the standards or fails to safeguard people’s data.  Amazon is hardly the only major corporate entity to run aground here, with Facebook’s WhatsApp being fined back in September for a GDPR violation.  In 2020, both Facebook and Twitter encountered troubles with the law, while Google faced a $57 million fine the year before from France’s data watchdog.

Giant firms like Amazon find themselves under heightened scrutiny and skepticism regarding their data collection practices, even as they face greater external threats, such as the wave of Russian cyberattacks against Microsoft that also targeted resellers and other providers.  Facebook, meanwhile, is also in plenty of political and legal hot water these days, and has recently sued an alleged data scraper who compromised almost 180 million users beginning in 2018.

Amazon, for its part, tends to justify its data accumulation as necessary for improving the customer experience.  Critics have accused the company of using that information to gain an unfair leg up and undercut the competition.  Multiple probes from the EU and Germany into Amazon’s sales have been launched, reflecting the current uncertainty over the retailer’s practices even as its success balloons to ever greater heights during the pandemic era.

None of these entities are immune from data troubles or the repercussions that may follow a screw-up.  While GDPR hasn’t been perfect when it comes to the biggest titans, it does appear that regulators are trying to boost its efficiency and enforcement power, regardless of who the target may be.

For those who still need to ensure compliance with GDPR or other standards, NetLib Security’s Encryptionizer solution offers an effective path forward, encrypting your stored data to meet the requirements of the various regulations: increased accountability for firms that handle people’s personal data, mandatory implementation of plans for breach notification and privacy by design.  Encryptionizer can help prevent the bad actors from getting in, as well as keep the regulations from becoming punishments.


By: Jonathan Weicher, post on October 28, 2021
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security