The Irish Data Protection Authority (DPA) recently imposed a record fine of €1.2 billion on Facebook parent Meta Inc for unlawful data transfers to the US. In 2018, the GDPR became effective in the EEA countries. Since then, Private Affairs has tracked the penalties issued via its GDPR Fines Tracker & Statistics and publishes the relevant statistics on its website. They show that many companies are very careless with user data and have poor privacy ethics.
General Data Protection Regulation (GDPR) is an EU Regulation on data protection and privacy in the EU and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. GDPR also addresses the transfer of personal data outside the EU and EEA areas. The GDPR’s primary aim is to enhance individuals’ control and rights over their personal data and to simplify the regulatory environment for international business.
GDPR has indeed become a big business. Here are a view interested facts collected by Privacy Affairs:
- Out of the colossal €4 billion in GDPR fines, Meta single-handedly accounted for over 50%, amassing a staggering €2.5 billion in penalties, including a recent €1.2 billion fine.
- Meta outstrips both Amazon and Google in GDPR fines, with their combined total fines exceeding €800 million.
- TikTok boasts the lowest expense for privacy violations among huge tech companies, with a mere €15 million accumulated from only two cases—one from the UK and another from the Netherlands.
- The Data Protection Authority of Ireland is responsible for €2.5 billion in GDPR fines from just 23 cases.
- The world of GDPR fines has witnessed a total of 1701 finalized cases. Among the countries, Spain emerges as the leader with a staggering 594 fines, followed by Italy with 244 fines.
The Private Affairs GDPR Fines Tracker & Statistics covers every reported GDPR fine across all EU member states and beyond, including countries outside the EU that are subject to GDPR due to their interactions with European residents.
