fbpx

25th May 2022 - By: Sam Wright

Four Biggest GDPR Fines

Four biggest GDPR fines

Firstly, allow me to wish GDPR a happy birthday. It feels strange sharing a birthday with one of the world’s toughest privacy and security laws, even if I am 24 years older. Given today is the fourth anniversary of this legislation, we wanted to take a look at the four biggest GDPR fines faced, and believe me, these numbers are staggering.

Amazon – $877 million

No need to rub your eyes, you are actually seeing the number 877. Amazon announced this fine in its July 2021 report. The Luxembourg National Commission for Data Protection said Amazon’s processing of personal data did not comply with GDPR. Upon receiving this colossal fine, chiefs at the tech company appealed the ruling, stating “there has been no data breach, and no customer data has been exposed to any third party”. However, unfortunately for them, the fine stood and this goes down as the biggest fine in GDPR history.

WhatsApp – $255 million

There’s a theme emerging here, the big boys are being made an example of! Meta was ordered to pay $255 million after being accused of failing to properly explain its data processing practices in its privacy notice. See, to me, this one seems a little harsh. It wasn’t that WhatsApp was necessarily breaking the rules, it just seems their wording in their privacy notice lacked a bit of clarity. Harsh, but I suppose that’s the price you pay at the top!

Google Ireland – $102 million

We were always going to get to cookies at some stage and here they are. In January of this year, Google Ireland was slapped with a fine just north of $100 million for the way it implemented its cookie consent procedures on YouTube. In short, the European arm of Google was told that it should have made it easier for users to refuse cookies. I guess that’s the way the cookie crumbles.

Facebook – $68 million

Look, although this is a drop in the ocean for Facebook it’s still far from ideal and yes, it’s cookie related once again. Facebook was told that they simply failed to obtain proper cookie consent from users and this largely boiled down to the way in which the social media giant provided its ‘opt-out’, which was said to be unclear.

So, as it stands, these are the four biggest GDPR fines, paying a combined $1,302,000,000 and reminding us all how bad it can get when you fail to comply. Ouch.

By Sam Wright