[Asia Economy Reporter Park Byung-hee] Amazon may face a massive fine for violating the European Union (EU)'s General Data Protection Regulation (GDPR), the Wall Street Journal (WSJ) reported on the 10th (local time). According to sources, Amazon is accused of violating the personal data protection rules specified in the GDPR.
The Luxembourg National Commission for Data Protection (CNPD) confirmed that Amazon violated the GDPR in the process of collecting and using personal data and sent a draft document to the 26 EU member states stating that a fine exceeding $425 million (approximately 472 billion KRW) should be imposed. Since Amazon's European headquarters is in Luxembourg, the Luxembourg authorities investigated the legal violations.
The $425 million corresponds to 2% of Amazon's net profit and 0.1% of its revenue last year. Amazon recorded $386 billion in revenue and $21.3 billion in net profit last year. The GDPR allows fines of up to 4% of revenue.
According to sources, this is the largest fine related to GDPR violations to date. Until now, the largest fine was the $50 million (approximately 5.55 billion KRW) imposed on Google by French authorities.
The CNPD's decision requires the consent of other data protection authorities within the EU. Data protection authorities of each EU member state will express opinions on the CNPD's proposal and go through a coordination process to determine the final fine amount. Therefore, it is expected to take several more months before the fine amount for Amazon is finalized. The fine amount may increase or decrease.
According to sources, the CNPD has already received many opposing opinions regarding the draft decision. At least one party has expressed the view that the fine should be increased.
Amazon previously stated that customer personal information is the most valuable asset to Amazon and that it complies with the personal data protection laws of all countries where it operates.
As the influence of U.S. IT companies continues to grow, it is expected that EU member states will increasingly impose fines on U.S. IT companies based on the GDPR.
The GDPR has been in effect since 2018, and there are complaints within the EU that its enforcement is too slow.
In this regard, Ireland has become a target of criticism. Since the European headquarters of Facebook, Google, and Apple are located in Ireland, Ireland is supposed to lead the enforcement of GDPR regulations, but so far, Ireland has applied the GDPR regulations only once. The only case was last year’s final decision to impose a €450,000 fine on Twitter.
Irish authorities announced that they will issue fine decisions related to about six GDPR violations this year alone. It is known that they have already sent a draft to member states proposing a fine of €30 million to €50 million on WhatsApp.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![Clutching a Stolen Dior Bag, Saying "I Hate Being Poor but Real"... The Grotesque Con of a "Human Knockoff" [Slate]](https://cwcontent.asiae.co.kr/asiaresize/183/2026021902243444107_1771435474.jpg)
