This article has been updated to reflect the response sent by an Amazon spokesperson.

The administrative court has confirmed the decision made on 15 July 2021, namely a fine of €746m against Amazon Europe Core, as well as corrective measures subject to a penalty payment of €746,000 per day.

Amazon is accused of breaching several articles of the General Data Protection Regulation (GDPR) in connection with its processing of personal data operated for the purposes of interest-based advertising. More specifically, the Luxembourg-based company breached Articles 6, 12 to 17 and 21 of the GDPR. It failed to comply with its transparency obligations, in particular to provide information to data subjects about the processing of their personal data. Violated were the right of access to the data processed; the right of rectification; and the right to erasure of personal data.

The court also said it found that the company had not adopted corrective measures in relation to these breaches, and ordered the remedy to be suspended pending the time limit and appeal proceedings. Amazon can still appeal to the administrative court.

A few hours after the press release was sent by the judicial administration, the giant Amazon expressed its reaction through its spokesperson. “We work hard to earn customer trust, and customer privacy is a top priority. We have always been clear with customers and given them control over whether they see personalised advertising based on their interests. We appealed the CNPD’s decision because we strongly disagree with their ruling. Despite our best efforts to engage constructively on the proper interpretation of new and untested provisions of European privacy law, the CNPD’s decision instead imposed an unprecedented fine based on subjective interpretations of the law about which they had not previously published any interpretive guidance. We are considering an appeal of the decision by the Administrative Court.”

This article in French.