Advertisement

Amazon and WhatsApp saw biggest fines in EU last year over data rules violations as GDPR takes toll on Big Tech

  • In 2021, Amazon.com was hit with the largest fine yet under the EU’s General Data Protection Regulation, and Meta Platforms’ WhatsApp faced the second-highest
  • Fines under the GDPR rose sevenfold last year to US$1.26 billion, from US$180 million in 2020

Reading Time:1 minute
Why you can trust SCMP
0
A view of the Amazon logistic center with the company’s logo in Dortmund, Germany, on November 14, 2017. Photo: Reuters
European Union data protection fines targeting Amazon.com Inc and Meta Platforms Inc’s WhatsApp helped push penalties to record levels last year, in a sign that the bloc’s tough privacy rules are starting to bite.

Luxembourg’s data protection authority last year slapped Amazon with its biggest fine since the EU’s General Data Protection Regulation took effect almost four years ago. The US online retailer is challenging the 746 million-euro ($851 million) penalty. The Irish watchdog followed with the second-highest EU fine against WhatsApp, ordering it to pay 225 million euros for failing to be transparent about how it handled personal data.

The two record fines make up a large proportion of all GDPR fines in 2021, according to a report released by law firm DLA Piper on Tuesday. Total penalties rose sevenfold to 1.1 billion euros compared to 158.5 million euros in 2020.

The EU’s GDPR empowers data regulators to levy fines of as much as 4 per cent of a company’s annual revenue for the most serious violations. Tensions have been building among data watchdogs over the amount of time Ireland’s authority is taking to complete probes of the likes of Facebook and Apple Inc France’s watchdog has started to target US firms including Google, Amazon and Facebook with separate EU rules, fining them record amounts over their cookies policies.

While such record fines over privacy violations make headlines, another challenge facing companies will be to avoid regulatory scrutiny under GDPR. They must ensure they comply with a key EU court ruling in 2020 that limited the options to safely transfer data across the Atlantic, the report said.

Advertisement
Advertisement