The National Data Protection Commission (CNPD) in Luxembourg, where the company has its European headquarters, has proposed fining Amazon $425 million for violations of the EU’s General Data Protection Regulation (GDPR). In short, Amazon is alleged to have improperly collected and used data on its customers. If it meets with the approval of other member states’ regulators of privacy, the fine will be the largest ever levied by the EU. Over the coming months, however, the review could raise or lower the fine.

Meanwhile, according to the Financial Times, the Competition and Markets Authority in the U.K. has already spent months investigating Amazon – and especially how it determines which merchants appear in the “buy box” that customers click to add an item to their shopping basket – and is planning a formal inquiry on its data collection processes. At issue is whether Amazon favors merchants that use Amazon’s logistics and delivery services. There are another two investigations under way in Brussels: one into Amazon’s use of data to favor its own products, the other into the “buy box.” The German Cartel Office is also looking more closely than before into its anti-trust practices.