LUInsufficient Legal BasisE-commerceDecision: 2021-07-16

Amazon Europe

€746.0M

Issued by Commission Nationale pour la Protection des Données (CNPD) on 2021-07-16

What happened

Luxembourg's CNPD fined Amazon €746 million for processing personal data for targeted advertising without valid consent. The fine related to Amazon's advertising targeting system, which processed customer data without a proper legal basis. This was the second-largest GDPR fine at the time of issuance.

Articles violated

Art. 6 GDPRArt. 7 GDPR

Lessons learned

Behavioral advertising and ad targeting require explicit, informed consent from data subjects. Pre-ticked boxes or bundled consent mechanisms do not constitute valid consent under GDPR. Companies must provide clear opt-in mechanisms for each specific purpose of data processing.

Source

View original decision

Disclaimer: This summary is for informational purposes only and does not constitute legal advice. Refer to the original decision for complete details.

Get enforcement alerts for E-commerce

We track GDPR fines across Europe. Enter your email to get notified about new enforcement actions.

Related enforcement actions

USUSD500K

Residual Pumpkin Entity (CafePress)

Federal Trade Commission (FTC) · Data Breach

Read case

DE€10.4M

notebooksbilliger.de AG

Landesbeauftragte für den Datenschutz Niedersachsen (LfD Niedersachsen) · Data Minimization

Read case

PL€660K

Morele.net Sp. z o.o.

Urząd Ochrony Danych Osobowych (UODO) · Data Breach

Read case