Amazon has been fined €746 ($887m) for allegedly flouting European Union (EU) data privacy laws and ordered to revise certain undisclosed business practices.
The fine was issued by the National Commission for Data Protection (CNPD), Luxembourg’s national data protection agency, on 16 July.
In response, the e-commerce giant said that the CNPD’s decision was ‘without merit’ and that it would defend its practices ‘vigorously’ on this issue.
Amazon revealed the fine in a US Securities and Exchange Commission (SEC) filing on 30 July.
The filing said that the online retailer had allegedly failed to comply with the EU’s General Data Protection Regulation (GDPR).
According to GDPR, companies are required to have people’s consent prior to using their personal data or else face penalties of as much as 4% of their annual global sales.
An Amazon spokesperson said: “Maintaining the security of our customers’ information and their trust are top priorities. There has been no data breach and no customer data has been exposed to any third party.
“These facts are undisputed. We strongly disagree with the CNPD’s ruling and we intend to appeal.
“The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation.”
CNPD initially launched its probe in 2018 after French privacy rights group La Quadrature du Net filed a complaint against the retailer.
Last week, Amazon reported a 27% increase in net sales to $113.1bn in the second quarter of this year, up from $88.9bn in the same period of last year.
In May, the online retailer faced an antitrust lawsuit for allegedly fixing online retail prices for third-party sellers through contract provisions and policies on its platform.
Last month, the US Consumer Product Safety Commission (CPSC) filed a lawsuit against Amazon, forcing it to recall potentially hazardous products from its platform.