A Dutch consumer rights group is suing Amazon over its data tracking practices.
Stichting Data Bescherming Nederland (SDBN), a consumer rights group in the Netherlands, has filed a class-action lawsuit against Amazon, accusing the tech giant of violating the European Union’s privacy law, The Wall Street Journal (WSJ) reported Wednesday (Oct. 18). The lawsuit alleges that Amazon tracks website visitors’ online activity without their permission through the use of cookies, a practice seen as a breach of privacy.
This legal action comes after the EU implemented a law in June, making it easier for consumer groups to bring class-action cases against companies. SDBN is seeking damages for consumers and a court order to halt Amazon’s data tracking practices, WSJ reported.
The lawsuit against Amazon alleges that the company collects personal data from cookies, tracking consumers’ behavior across various websites and its own platforms. Amazon then uses this information to sell targeted advertising space, according to the suit. According to WSJ, SDBN demands that Amazon ceases collecting data in this manner and using it to follow consumers online.
The lawsuit represents approximately 5 million Amazon account holders residing in the Netherlands. By taking legal action, SDBN hopes to exert pressure on Amazon, compelling the company to recognize the consequences of its practices and make the necessary changes, per the report.
This case bears resemblance to a regulatory penalty imposed on Amazon by Luxembourg’s privacy regulator earlier this year. Luxembourg fined the company a staggering $887 million for its use of personal data for advertising purposes. Amazon is appealing this penalty.
Anouk Ruhaak, chair of SDBN, emphasized that the lawsuit aims to secure redress for consumers since Amazon has not adequately addressed the violations flagged by Luxembourg’s privacy regulator two years ago.
It is common for large companies to appeal European privacy fines, which can reach up to 4% of global revenue or €20 million ($21 million), whichever is higher. However, the trend of individuals and consumer protection groups taking legal action over potential privacy violations, in addition to regulatory fines, is mounting pressure on companies to improve their privacy practices.
European privacy regulators have been closely scrutinizing how large companies leverage consumers’ data to create targeted online advertisements. For instance, in May, Ireland’s data protection regulator fined Meta a landmark $1.3 billion for violating Europe’s data privacy law.
The penalty came after the regulator found that Meta violated Europe’s General Data Protection Regulation (GDPR) by failing to protect European Facebook users’ data from U.S. surveillance practices. According to PYMNTS reporting at the time, the fine was the largest on record related to the GDPR.