The EU General Data Protection Regulation (GDPR) is among the world’s toughest data protection laws. Under the GDPR, the EU’s data protection authorities can impose fines of up to up to €20 million (roughly $2,372,000), or 4 percent of worldwide turnover for the preceding financial year—whichever is higher.
Since the GDPR took effect in May 2018, we’ve seen over 800 fines issued across the European Economic Area (EEA) and the U.K. Enforcement started off somewhat slow. But between July 18, 2020, and July 18, 2021, there was a significant increase in the size and quantity of fines, with total penalties surging by around 113.5%. And that was before the record-breaking fine against Amazon—announced by the company in its July 30 earnings report—which dwarfed the cumulative total of all GDPR fines up until that date.
Top 10 fines so far:
More details: https://www.tessian.com/blog/biggest-gdpr-fines-2020/
Dear Mr. Sekulovic!
You pointed to an important issue. There might be a need for studies depicting the context and impact of this regulation package:
1) Karen Yeung, Lee A. Bygrave (2021). Demystifying the modernized European data protection regime: Cross-disciplinary insights from legal and regulatory governance scholarship, Regulation & Governance Early View, 04 May 2021, Open access: Article Demystifying the modernized European data protection regime:...
2) Hallinan D. (2021) Biobank Oversight and Sanctions Under the General Data Protection Regulation. In: Slokenberga S., Tzortzatou O., Reichel J. (eds) GDPR and Biobanking. Law, Governance and Technology Series, vol 43. Springer, Cham. https://doi.org/10.1007/978-3-030-49388-2_8 Available at:
Chapter Biobank Oversight and Sanctions Under the General Data Prote...
3) Ilse Heine (2021). 3 Years Later: An Analysis of GDPR Enforcement, Center for Strategic & International Studies, Sept., 13, 2021, Free access: https://www.csis.org/blogs/strategic-technologies-blog/3-years-later-analysis-gdpr-enforcement
Yours sincerely, Bulcsu Szekely
Those data raise a couple of questions, First off, to what extent the amounts of punishment commensurate with the actual harm brought to consumers' security and privacy, as well as to the governments' particular policies for the marketplace, and countries' laws against fraud due to mass manipulations. Second, the level of damages for the listed infringers is laughable as compared to their annual earnings. Those penalties look rather like encouraging measures to continue this illegal fraud. It's not a real punishment but an eye wash.
Agrre with Len Leonid Mizrah .
Furthermore, another question arises: are these "fines" actually paid?
To whom and in what way?
Gioacchino de Candia yes, fines are actually paid, and it is paid to the budget of the country which personal data protection agency imposed a fine.
Len Leonid Mizrah the extent of the fines is measured by impact to the privacy rights, number of people impacted, level of negligence etc.