Amazon Facing Potential Possible GDPR Penalties Following Suspected Breach

According to a report by the Wall Street Journal Amazon is being investigated due to allegations that some of its staff members have been leaking consumer and company data in return for payment.

The claims say that Amazon employees have been selling user information and other confidential material to private sellers on the platform. The majority of offences are believed to have taken place in China. It is also believe that Amazon staff members have been receiving payment in exchange for erasing negative reviews and reinstating blocked accounts.

The Wall Street Journal, in a report published on September 16 revealed that a seller can pay $80 to $2000 via intermediaries to purchase confidential data from Amazon, including customers’ emails and lists of popular keywords.

If the allegations are confirmed the retail giant might also be facing a multi-billion dollar fine under the General Data Protection Regulation (GDPR) which states that the maximum possible penalty is €20 or 4% of annual global revenue. In Amazon’s case the latter figure would be approximately €7bn. This actual fine would like be a great deal lower as the breach, at this point in time, seems to have been mainly localized in China.

Oz Alashe, CEO of intelligent cybersecurity awareness platform, CybSafe, commented on the likelihood of Amazon being hit with a GDPR fine to online business new portal Verdict. He said: “Given the type of content leaked – which at this stage, appears to be email addresses – Amazon may find itself in breach of GDPR. Even as a US company, EU regulators can levy fines of up to 4% of a company’s global turnover, which for a company like Amazon, would equate to a maximum penalty of roughly €7bn.

“However, in this instance, a maximum fine is unlikely as the leak appears to be mostly localised to China. Nonetheless, the extent of the data leak and bribes isn’t clear, and the number of customers affected also hasn’t been established. More transparency will be needed before we can determine more accurate financial consequences for all involved. Reputationally, however, this news will have already caused significant damage. Amazon is already in hot water over misuse of information, with allegations of ‘fake reviews’ hosted on its site. This latest news confirms that its data woes are growing.”

It remains to be seen if these allegations impact the eCommerce giant. Scott Logie, Read Group’s customer engagement director commented to the Verdict on the importance to consumers of knowing how their data is being managed. He said: “In the post-GDPR era, building long-term trust and loyalty is more important than ever. By looking at loyalty trends across different years, we have seen how many consumers are actually more loyal than they believe they are at heart.”

Amazon confirmed that the potential data breach and allegations are being investigated earlier this week. They released a statement which said: “We hold our employees to a high ethical standard and anyone in violation of our Code faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them, including terminating their selling accounts, deleting reviews, withholding funds, and taking legal action.”