What types of compliance documents can ComplianceIQ generate?

ComplianceIQ generates privacy policies, terms of service, employee handbooks, data handling policies, OSHA compliance documents, acceptable use policies, HIPAA compliance docs, information security policies, and more — all tailored to your industry.

Are the generated documents legally valid?

ComplianceIQ generates comprehensive, industry-standard compliance documents informed by current regulations. While they provide an excellent foundation, we recommend having critical documents reviewed by legal counsel for your specific jurisdiction.

How does ComplianceIQ stay current with regulations?

Our AI models are continuously updated with the latest regulatory frameworks including GDPR, CCPA, HIPAA, SOC 2, OSHA, and more. Pro and Enterprise plans include regulatory update alerts.

← All enforcement actions

GDPRE-Commerce

Amazon Europe Core — €746M GDPR fine (2021)

Largest GDPR fine at the time — behavioural ad targeting without valid consent

Penalty

€746M

Regulator

CNPD (Luxembourg)

Jurisdiction

European Union

What happened

Luxembourg's data-protection authority fined Amazon €746M for processing personal data for behavioural advertising without freely given, specific, informed consent. The CNPD held that Amazon's consent mechanism was bundled with service use and therefore not valid under Articles 6 and 7 GDPR.

Root cause

Consent for advertising bundled with consent to use the service
Pre-ticked / unbundled choice did not meet Article 7(4) freely-given test
No granular opt-out for behavioural processing

What every team should do

Separate consent for advertising from consent to provide the service
Use unbundled, granular toggles with equal-prominence reject button
Document the consent record with timestamp, scope, and revocation log

Source: Amazon 10-Q (Jul 2021), CNPD decision.

Would your controls have stopped this?

ComplianceIQ audits your existing policies in 60 seconds and shows you exactly which GDPR controls you are missing — mapped to enforcement patterns like this one.

Run my GDPR audit Generate missing policies

Amazon Europe Core — €746M GDPR fine (2021)

What happened

Root cause

What every team should do

Related enforcement actions