Privacy Plus+

Privacy, Technology and Perspective

EU Fines Amazon, and the Future of the GDPR.  Recently, the Luxembourg National Commission for Data Protection (“CNPD”) issued a record €746 million fine against Amazon for its alleged violations of the EU’s General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).  The fine was revealed on page 13 of Amazon’s quarterly report, which can reviewed by clicking on the following link:

To date, this fine against Amazon marks the greatest flex by EU regulators of their powers under the GDPR since it became effective in 2018. 

Its timing coincides with a provocatively-titled article in Economist magazine, entitled “The Land that Innovation Forgot.” According to the article, Europe has fallen sharply behind in the number of its businesses which are among the most valuable in the world over the last 20 years.  The article states that “[i]n 2000 nearly 1/3 of the combined value of the world’s 1000 biggest listed firms was in Europe, and 1/4 of their profits.  In just 20 years those figures have fallen by half.” (our emphasis). Yet even as Europe’s innovation and share of global markets have shrunk, Europe has “continued to play a role as global regulator.” The GDPR is a prime example.

This leads to the question:

Will Europe’s changing position in the global economy affect the GDPR (or other privacy structures)?  If so, how? 

The Economist believes it is the largest firms (for example, Amazon) that invest the most in innovation, thus begetting further growth.  While Europe still has a large population, it makes sense for American and other businesses to accommodate the European consumer base (and comply with EU laws).  

What does this mean for the GDPR?  The Economist article suggests that if the 1000 largest firms are going to be mostly non-European, then Europe’s “ability to shape business norms…will look weak.” 

As Europe is experiencing rapid change, not all of which looks favorable to it, we’re starting to think about what those changes in Europe will mean for “Privacy,” writ large.   We aren’t prepared to go so far as to say that Europe is “in decline” and we don’t predict the demise of the GDPR yet, but we do predict that EU regulators are going to have a fight on their hands as they aim to collect fines they are imposing.

We expect Europe’s ability to force foreign firms to adopt its own approaches to privacy will soon depend less on Europe’s ability to enforce its decrees beyond its own residents, and more on (a) the value and attractiveness of its European consumer base to foreign firms, and (b) the intrinsic worth and power of European ideas about privacy. 

We think those two – particularly the latter — may be surprising. Aging though it is, the European market is still giant and attractive to the largest companies. More importantly in our view, GDPR/European privacy principles have proven attractive to many American states. California, Virginia and Colorado together comprise an enormous economy all of their own — sufficient to make it worthwhile to base many nationwide programs around them — and more states are expected to similar, comprehensive privacy structures.

If you’d like to read the Economist article and learn more about trends in Europe, you will find the article on page 20 of its June 5, 2021 edition, a link to which follows:


Hosch & Morris, PLLC is a boutique law firm dedicated to data privacy and protection, cybersecurity, the Internet and technology. Open the Future℠.