The 10 largest GDPR fines on Big Tech

Date:

Share post:


The state of enforcement of the European Union’s flagship privacy regime, the General Data Protection Regulation (GDPR), on the most powerful tech giants remains a topic of ongoing debate. Below we’ve compiled a list of the 10 largest GDPR fines imposed on Big Tech since the regulation started to apply back in May 2018.

Meta, the owner of Facebook, Instagram and WhatsApp, tops the list, both for receiving the single biggest fine to date (€1.2 billion or around $1.31 billion at current exchange rates) and because it accounts for a majority of these largest penalties (six or more, depending on whether you count per platform).

Please note this list only includes major penalties issued to tech firms under the GDPR. In recent years, some significant sanctions have also been issued on Big Tech via the bloc’s older ePrivacy Directive, but you won’t find those listed here.

Penalties issued to tech firms under GDPR

1. Meta (Facebook): Fined €1.2 billion (~$1.31 billion) in May 2023 by the Irish Data Protection Commission (DPC) for violating the rules on transferring Facebook users’ personal data out of the European Union.

2. Amazon: Fined €746 million (~$815 million) in July 2021 by Luxembourg’s National Commission for Data Protection (CNPD) following complaints that its use of personal data for ad targeting was not based on consent.

3. Meta (Instagram): Fined €405 million (~$443 million) in September 2021 by Ireland’s DPC for failings in its handling of minors’ data.

4. Meta (Instagram and Facebook): Fined a total of €390 million (~$426 million) in January 2023 by Ireland’s DPC for failing to have a valid legal basis to process user data for ad targeting.

5. ByteDance (TikTok): Fined €345 million (~$377 million) in September 2023 by Ireland’s DPC for failings in its handling of minors’ data.

6. Meta (Facebook and Instagram): Fined €265 million (~$290 million) in November 2022 by Ireland’s DPC for breaches of data protection by default and design after certain platform features, including contact importer and search tools, made the personal data of hundreds of millions of users discoverable to all other users.

7. Meta (WhatsApp): Fined €225 million (~$246 million) in September 2021 by Ireland’s DPC for breaking GDPR transparency obligations and failing to make it clear to users how it processes their data.

8. Alphabet/Google (Android): Fined €50 million (~$55 million) in January 2019 by France’s National Commission on Informatics and Liberty (CNIL) for transparency and consent failings related to its Android mobile platform.

9. Meta (Facebook): Fined €17 million (~$18.5 million) in March 2022 by the Irish DPC for a string of security breaches thought to have affected up to 30 million users.

10. ByteDance (TikTok): Fined around €14.8 million at current exchange rates (~$16 million) in April 2023 by the U.K.’s Information Commissioner’s Office (ICO) in another case related to minor protection. (Note: Despite the U.K. no longer being in the EU, its data protection rules are still based on the GDPR.)

Not strictly Big Tech but worth a mention

Adtech giant Criteo was issued with a preliminary fine of €60 million (~$65 million) in August 2022 by France’s CNIL for a range of GDPR breaches. But in June 2023, the level of penalty was reduced to €40 million (~$44 million) after the adtech giant made representations. The enforcement followed complaints that Criteo did not have users’ consent for tracking and profiling them for ad targeting.

Another bonus mention: U.S.-based AI startup Clearview AI was fined the maximum possible (€20 million or around $22 million, based on its revenue) a full three times in 2022 by data protection authorities in Italy, Greece and France. The sanctions were for unlawful data processing as a result of its tactic of scraping selfies off the internet to train a facial-recognition ID-matching AI tool. In the same year, the U.K.’s ICO also hit it with a smaller sanction for GDPR breaches, so the controversial startup’s activities have drawn a lot of enforcement.



Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

Sony’s CES 2025 press conference: How to watch

Sony knows how to put on a show at CES. The company’s pressers are high octane, star-studded...

OpenAI ‘considered’ building a humanoid robot: Report

OpenAI has recently explored building its own humanoid robot, according to The Information. The report cites “two...

Samsung’s CES 2025 press conference: How to watch

Samsung’s CES presser is always an odd duck. The Korean electronics giant generally keeps its powder dry...

Watch Boston Dynamics’ electric Atlas do a backflip

A little early holiday surprise from Boston Dynamics this week, as Santa suit-wearing electric Atlas performs a...

Shuttered electric air taxi startup Lilium may be saved after all

A consortium of investors has resurrected Lilium just days after the electric air taxi startup ceased operations...

These are the cybersecurity stories we were jealous of in 2024

Since 2018, along with colleagues first at VICE Motherboard, and now at TechCrunch, I have been publishing...

Proton’s device aims to help those with kidney disease, and cut heart failure risks

People with chronic kidney disease, or those at risk of heart failure, are greatly affected by potassium...

Halide’s next version will come with new film filters, HDR

Lux, which makes the iPhone camera app Halide, published a roadmap on Monday detailing the app’s next...