The fine was imposed on July 16 and disclosed Friday in a financial filing. It is the largest in the law’s three-year history, followed by Google’s 2019 fine of €50 million.
Regulators said Amazon’s processing of personal data didn’t comply with GDPR requirements, and the company acknowledged it has been ordered to change its business practices.
Amazon said the regulatory decision was “without merit” and added that it plans to “defend ourselves vigorously in this matter.”
“The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation,” the company said.
The penalty for the alleged violation was imposed by data regulators in Luxembourg, where Amazon has its European headquarters. A spokesperson for the Luxembourg data authority, CNPD, declined to comment, citing the ongoing nature of the legal proceeding.
In a further statement to CNN Business, Amazon said customer information had not been leaked or exposed.
“Maintaining the security of our customers’ information and their trust are top priorities,” the statement said. “There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed.”
Under the EU’s privacy law, violations can carry penalties of up to €20 million or 4% of a company’s global revenue, whichever is higher.