Zoom and Amazon fall foul of data privacy laws

5th August 2021Amazon

Two big names have recently announced that they are likely to be on the receiving end of hefty fines from regulators – one on this side of the Atlantic, the other in the USA.

Different issues.  Different courts of law – but what they have in common is that they are two huge brands, both operating in the online space, being held to account for not protecting their users’ personal information well enough.

Amazon fined for . . . ?

Well, at this point, nobody is quite sure.  This case is fascinating, and we will be continuing to watch it with interest.

Amazon’s notice of a €746m fine is from the Luxembourg data protection regulator for breaching the GDPR.  Luxembourg’s own privacy laws have prevented them from explaining precisely what the fine is for until such a time as an appeal has been heard.  And Amazon is indeed appealing the fine.

All we know about the reason behind the case is that Amazon is accused of their advertising system not being based on ‘free consent.’  Amazon claim that “There has been no data breach, and no customer data has been exposed to any third party,” however, the GDPR is more complex than that – having a data breach is not the only way to contravene the GDPR.

One of the reasons the Amazon case is so significant in the data protection landscape is that it is a vast fine.   The previous largest was ‘just’ €50m against Google.  According to wired.com, the Amazon fine is double the combined amount of every other GDPR fine that has been issued.

This significant ruling comes at a time when people are questioning whether the GDPR really does have the ‘teeth’ it was promised to deliver. You may recall that we reported recently that the EU had issued the UK with an adequacy decision allowing the free flow of data between the two regions, however, the ICO has been criticised by the European Union for not being tough enough in its enforcement action. The increasingly aggressive stance of EU regulators will put even more pressure on the ICO to take similar actions.

Secondly, if the enforcement action is upheld at appeal, what will this mean to the world of marketing adtech? As we don’t know exactly what Amazon is accused of doing – it is impossible to speculate – but could this change that entire landscape? We must wait and see what information is released into the public domain.

The other reason this is so interesting is that the original suit came from data regulators in France.  The case was then passed to regulators in Luxembourg because that is where Amazon has chosen as their base for their data centre.  The GDPR calls this their ‘one-stop-shop’ mechanism for organisations operating in multiple EU countries.  Critics say this system is slow and unworkable.  Perhaps they have a point.  The original complaint was filed by French digital rights organisation La Quadrature du Net in May 2018, and the case continues.

Zooming in on an $86m settlement for privacy invasion

Across the Atlantic, and under different legislation, Zoom have got themselves into hot water with US authorities. This fine relates to Zoom not preventing hackers from disrupting Zoom meetings in a practice called “Zoombombing, and sharing personal data with other social media companies. This consumer rights action demonstrates that globally, protecting personal information is considered sacrosanct.

Zoom, the video conferencing platform, has agreed to settle a class-action lawsuit for allegedly sharing personal data with Google, Facebook, and LinkedIn.

According to the BBC, Zoom denies any wrongdoing and has implemented up to 100 features related to privacy, safety, and security since April 2021.

The settlement is still preliminary as it is awaiting approval by a US District Judge in California.  The punishment is not just financial, though – a second element to the settlement is that Zoom will give its staff specialised training in privacy and data protection practices. (we’ve sent them our number!)

Data protection training is an important element of YOUR due diligence in the UK as part of GDPR.  If you would like to chat with us to see how your organisation and your team can benefit from the motivational and engaging training we provide for you, please take advantage of your complimentary 30-minute Consultation.

Let us ease your mind

If you have any queries, questions or requests then please get in touch. We’re always very happy to talk, you’ll find a friendly voice on the end of the line or simply fill out the form below.

    Your Contact Details










    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.