GDPR

Governs how personal data of individuals in the EU may be processed and transferred

In July 2021, luxembourg’s data protection authority issued the largest fine under the GDPR (636,000,000 pounds)

Specific violation: The company was fined because it relied on ‘legitimate interests’ legal basis instead of actively seeking for consent while collecting data. 

In terms of values and ethics, the Amazon has ignored user’s right to give consent and secretly taken advantage of it. the company does not have the right to use customers' sensitive data although it might help improve using experience. Unfortunately, if a data breach occurs, Amazon will be accountable for solving the problem, announcing the breach to their customers and paying compensation because they have collected and stored customers' data in their system. However, the company has argued that there had been no data breach, as well as no customer data has been exposed to a third party therefore Amazon has caused no harm to their customer. Hence, their act was still wrong according to the GDPR 

Power of the GDPR: In addition, this event has marked one of the largest possible fine that the EU has sent out to tech companies as if to strengthen its power and position toward businesses. This regulation removes some of the company's right as a strong dominator in the industry.