Biggest fines under EU privacy law

Biggest fines under EU privacy law

Mark Zuckerberg's social media firm -- owner of Facebook, Instagram and WhatsApp -- has racked up roughly two billion euros in fines
Mark Zuckerberg's social media firm -- owner of Facebook, Instagram and WhatsApp -- has racked up roughly two billion euros in fines. Photo: Lionel BONAVENTURE / AFP/File
Source: AFP

The European Union rolled out its mammoth data privacy regulation five years ago this week, and has since handed down billions in fines.

Ireland's data watchdog smashed the record for an individual fine on Monday when it demanded 1.2 billion euros ($1.3 billion) from Meta over its transfers of personal data between Europe and the United States.

Here are some of the worst offenders of the General Data Protection Regulation (GDPR):

Meta: undisputed fine king

Mark Zuckerberg's social media firm -- owner of Facebook, Instagram and WhatsApp -- has racked up roughly two billion euros in fines.

Breaches by Meta have included a mega-leak of some 533 million phone numbers and emails, mishandling children's data and repeatedly failing to give a legal basis for its data collection.

PAY ATTENTION: Join Legit.ng Telegram channel! Never miss important updates!

Read also

Meta hit with record 1.2-billion-euro fine over EU data rules

Meta, along with the likes of Google, Twitter and LinkedIn has its European headquarters in Ireland, a low-tax regime that has courted big tech.

The Irish privacy watchdog has been reluctant to hand down big fines but said in a statement on Monday that the EU's central authorities had ordered it to collect 1.2 billion euros from Meta.

Austrian campaign group NOYB said it had spent millions in a decade-long legal battle to force the Irish watchdog to tackle the case.

"It is kind of absurd that the record fine will go to Ireland -- the EU Member State that did everything to ensure that this fine is not issued," said NOYB's Max Schrems.

US giants: In Meta's shadow

Luxembourg lit a torch under the Silicon Valley data industry in 2021 by slapping Amazon with a record fine of 746 million euros.

The country, whose low-tax policies have led campaigners to label it a tax haven, refused to give details of its decision at the time, only providing a brief statement after Amazon revealed the fine in its regulatory filings.

Read also

Dark cloud over ChatGPT revolution: the cost

The online retail giant had been sued by a European consumer group claiming personal data was collected for ad-targeting without permission.

However, Amazon denied any breach and promised to appeal. It is unclear whether the fine has been paid.

Google has faced plenty of GDPR pain too.

France's data watchdog hit the search giant with 50 million euros in fines for a lack of transparency on its Android mobile operating system in 2019 -- the biggest such fine of that year.

Clearview AI: Widespread penalties

Clearview AI may not be a household name, but it claims to own billions of photos of people's faces that it sells as a searchable AI-powered database to law enforcement and other clients.

It scrapes the images from the web, often from social media accounts, without asking permission.

Privacy watchdogs in Greece, Italy, France and the UK have all hit the US firm with fines totally roughly 70 million euros, and regulators in Germany and Austria have declared it illegal.

Read also

Business tough in China as national security trumps all

The firm has consistently said it has no offices or clients in Europe and is not subject to EU privacy laws.

The status of the fines is unclear. France issued a penalty of five million euros recently, accusing the firm of failing to pay the initial fine.

Public bodies, hacks

In the early days of the GDPR, several watchdogs cracked down on public institutions, raising profound questions about the regulation's scope.

Bulgaria fined its own tax authority around three million euros in 2019 after hackers stole the details of millions of people.

But several issues in the case were referred to the European Court of Justice, including whether such a hack automatically meant the data controller had not complied with GDPR.

The court has not yet issued a final decision.

Portugal handed down one of the first significant fines under GDPR -- 400,000 euros -- in November 2018 to a hospital near Lisbon.

Read also

Montana TikTok ban unrealistic and misguided: experts

The watchdog ruled that the institution had allowed unauthorised access to patients' data and the case was seen as an early wake-up call for public bodies to get busy with GDPR compliance.

Portugal later gave public institutions three years to adapt to the new regime, meaning the fine was never enforced.

Source: AFP

Authors:
AFP avatar

AFP AFP text, photo, graphic, audio or video material shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium. AFP news material may not be stored in whole or in part in a computer or otherwise except for personal and non-commercial use. AFP will not be held liable for any delays, inaccuracies, errors or omissions in any AFP news material or in transmission or delivery of all or any part thereof or for any damages whatsoever. As a newswire service, AFP does not obtain releases from subjects, individuals, groups or entities contained in its photographs, videos, graphics or quoted in its texts. Further, no clearance is obtained from the owners of any trademarks or copyrighted materials whose marks and materials are included in AFP material. Therefore you will be solely responsible for obtaining any and all necessary releases from whatever individuals and/or entities necessary for any uses of AFP material.