Amazon was fined 74 746 million (CA $ 1.1 billion) for failing to comply with new European regulations on the protection of Internet users’ personal data (GDPR), the largest financial fine ever imposed within the framework of these laws.

In the wake of this conviction, the La Quadratcher du Net, an association for the protection of liberty, filed five complaints against CNIL, the French gendery personal data, against Amazon, Apple, Google, Facebook and Microsoft at the end of May 2018. After these data protection rules come into force. Amazon is headquartered in Luxembourg, handing over the CNIL file to its Luxembourg counter CNPD.

The fine was imposed in mid-July but Amazon did not announce it in a stock document until Friday.

CNPD “claims that Amazon’s data processing does not comply with EU data protection regulations,” the Internet giant said in a statement.

Amazon said in a separate statement that the sentence was “unfounded” and intended to “appeal.” The group, which has been fined the most by a national authority for violating GDPR, adds, “There was no data leak, no consumer data disclosed to a third party.”

CNIL fines web giant 35 million euros (CA $ 52 million) by end of 2020 for non-compliance with advertising tracker legislation (Cookies). Google was fined 100 100 million (CA $ 148 million) and fined 50 50 million, with the latter already linked to GDPR.

“This historic recognition falls at the heart of the GAFAM predation system and is to be applauded,” La Quadrature du Net said in a statement to AFP. The association recalls that the complaint was made with the aim of “advertising targeting system implemented by Amazon” […] Performed without our free consent. “

In contrast, this historic permit makes the widespread resignation of the Irish Data Protection Authority, which in three years could not end any of the other four complaints we have brought against Facebook, Apple, Microsoft and Google. ”Says the association.

GAFAM constantly criticizes the way their users use personal data. Brussels sought to bring order by imposing its global data protection regulation in 2018, which established itself as a global standard.

Businesses should seek the consent of citizens when requesting their personal data, notify them of the use of it and allow them to delete the data. Violations can result in heavy fines. Under the new European regulation on digital services, platforms cannot use data collected through multiple services to target a user against their will. Client companies will have access to the data they generate.

Watch the video