The number of penalties imposed for violations of the GDPR (General Data Protection Regulation) has increased significantly in Europe over the past year. This emerges from a report for which the international law firm DLA Piper has compiled the penalties of the individual authorities. The GDPR is an instrument intended to ensure more data protection in the EU. However, it is also valid in the non-EU countries Great Britain, Norway, Iceland and Liechtenstein.
According to the report, the total amount of penalties published between the end of January 2022 and the end of January 2023 was 1.64 billion euros. This represents an increase of around 50 percent compared to the previous year’s value of 1.09 billion euros. According to the authors of the law firm, the increase illustrates the growing trust of data protection supervisory authorities and the willingness to impose large fines for violations of the GDPR.
Highest penalties against Facebook mother Meta
Irish data protection officials imposed the highest individual penalties on Facebook’s parent company Meta last year. The Irish Data Protection Commission fined Facebook €210 million and Instagram, which also belongs to Meta, €180 million for violations in the area of personalized advertising. This puts the Irish authorities in first place in terms of penalties imposed by country since the introduction of the GDPR – the country has so far estimated 1.3 billion euros. Luxembourg follows in second place with a total of 746 million euros. The entire sum comes from a single procedure by the data protection officers there in 2021 against Amazon. Germany ranks fifth with fines totaling a good 76 million euros.
After the number of self-reported data breaches had increased continuously every year, DLA Piper has now observed a slight decline for the first time: In 2021, 120,000 incidents were reported to the authorities, in 2022 there were only 109,000. The GDPR requires companies to report personal data breaches to the appropriate authorities within 72 hours of the incident. In the ranking of absolute reports of such incidents, Germany occupies first place, as it did last year (2021: 30,213 reports, 2022: 29,795). Calculated down to the number of inhabitants, Germany is in 12th place with 24 reports per capita. The Netherlands tops the list with 142 incidents per inhabitant.
The study by DLA Piper examines the number of reported GDPR violations in all EU countries as well as the third countries mentioned above. However, the authors point out that not all competent authorities publish their data in detail; it is therefore possible that further, unpublished fines were imposed. In addition, work is currently being done in Great Britain on a possible, individual GDPR successor. At the moment, the EU regulation is still valid there. The law firm makes the report “DLA Piper GDPR fines and data breach survey: January 2023” available for download in exchange for personal data.
(jvo)
