top of page
Writer's pictureGilad Yaron

Amazon Europe Fined €35m for Violating French Data Protection Law

Updated: Apr 13, 2023

Amazon has been fined 35 million euros by the French data protection authority ('CNIL') for violations of data privacy laws in France. This is not the first time Amazon has been found to be violating data privacy laws in Europe. In 2020, Amazon was fined 746 million euros by the European Commission for violating GDPR.


The CNIL imposed a fine for violations of Article 82 of the 1978 Act on Data Processing, Data Files, and Individual Freedoms, which was replaced in 2018 by the GDPR.


The authority found two violations of this section, related to planting cookies on the user's devices without prior consent and without providing information about this to the users.


Amazon has been collecting data from its customers for years, and the company has faced numerous allegations of violating data privacy laws across Europe.


In the case of France, Amazon was using cookies to collect information about users' browsing history without their consent, which is in direct violation of French data privacy laws. The CNIL launched an investigation into Amazon in 2019, which led to this fine.


The Conseil d'Etat, the French Council of State, a type of supreme court, confirmed that the CNIL is empowered to impose sanctions in relation to cookies outside the One Stop Shop mechanism under the General Data Protection Regulation ('GDPR').


The Council ruled that CNIL can also impose sanctions in cases where the data controller is not based in France but carries out activities in the country, which in this case concerns marketing and advertising tools sold by Amazon Online France.


Therefore, the council confirmed that Amazon committed both violations of section 82 of the law and believed that the fine imposed was not disproportionate in relation to the severity of the violations, the scope of the processing operations, and the financial situation of Amazon.


This fine is a clear signal to companies that they must comply with data privacy laws in Europe, and that they will face significant consequences if they fail to do so. The GDPR has given national authorities the power to impose fines of up to 4% of a company's global revenue or 20 million euros, whichever is greater, for violations of data privacy laws.


Amazon is a multinational company with a significant presence in Europe, and this fine shows that companies of all sizes are subject to data privacy laws and must comply with them. Companies that operate in Europe must take data privacy seriously and take steps to ensure that they are in compliance with GDPR and other data privacy laws.


In conclusion, this fine is a wake-up call to companies that violate data privacy laws in Europe, and it demonstrates that national authorities are taking data privacy seriously. Companies must take data privacy seriously and comply with GDPR and other data privacy laws to avoid significant fines and legal consequences.





3 views0 comments

Kommentare


Contact Us.png

Ready to Secure Your Data?

Reach Out to Data Protection Matters Today for Expert Guidance on Protecting Your Data and Ensuring Compliance.

bottom of page