The National Commission for Data Protection Grand Duchy of Luxembourg (CNPD), the equivalent of the National Commission for Informatics and Freedoms (Cnil) in France, could condemn Amazon to pay a record fine of 425 million dollars for violating the General Data Protection Regulation (GDPR).
A sanction project
This is the Wall Street Journal who spotted a draft sanction circulating between the various European data protection authorities. Indeed, under article 60 GDPR, they must agree on the amount of the penalty. But, by virtue of the one-stop-shop principle, it is good that the CNPD is in charge of the investigation and the procedure because Amazon’s European headquarters are in Luxembourg.
The e-commerce giant is accused of illegally collecting and using personal data. The case does not relate to its cloud computing business, Amazon Web Services (AWS), according to a source who declined to say more about the accusations made against the American company. Amazon and the CNPD declined to comment on this information.
The authorities must agree
Before this draft sanction becomes final, it would have to be approved by the other authorities of the European Union. This procedure is long and tedious. Within four weeks of being consulted, an authority may present a reasoned objection. If the lead authority, in this case the Luxembourg CNIL, wishes not to follow this objection, it must submit the question to the consistency control mechanism involving the European Commission.
When the lead supervisory authority intends to follow the relevant and reasoned objection raised, it submits to the other supervisory authorities concerned a revised draft decision for their opinion. This revised draft decision must be considered again by all authorities within two weeks.
In the sights of the European Commission
Amazon is also in the sights of the European Commission, which has opened an investigation into the use of non-public data from third-party sellers in the marketplace. It is also investigating the “Buy box” and the Prime label to verify that the practices of the American giant do not violate competition law.
The preliminary findings of this investigation showed that “considerable volumes of non-public data from sellers are available to employees of Amazon’s retail activity,” the Commission noted in its press release. This situation would allow Jeff Bezos’ company to avoid “the normal risks of competition” and to take advantage of its dominant position in the marketplace service provision market in France and Germany, ie the largest markets. Amazon in the EU, added the executive.
If these practices are confirmed, they violate article 102 of the Treaty on the Functioning of the EU, which prohibits the abuse of a dominant position on the European market. Amazon faces a fine of up to 10% of its global revenue, which was $ 320 billion in 2020.