Firstly, allow me to wish GDPR a happy birthday. It feels strange sharing a birthday with one of the world’s toughest privacy and security laws, even if I am 24 years older. Given today is the fourth anniversary of this legislation, we wanted to take a look at the four biggest GDPR fines faced, and believe me, these numbers are staggering.
Amazon – $877 million
No need to rub your eyes, you are actually seeing the number 877. Amazon announced this fine in its July 2021 report. The Luxembourg National Commission for Data Protection said Amazon’s processing of personal data did not comply with GDPR. Upon receiving this colossal fine, chiefs at the tech company appealed the ruling, stating “there has been no data breach, and no customer data has been exposed to any third party”. However, unfortunately for them, the fine stood and this goes down as the biggest fine in GDPR history.
WhatsApp – $255 million
There’s a theme emerging here, the big boys are being made an example of! Meta was ordered to pay $255 million after being accused of failing to properly explain its data processing practices in its privacy notice. See, to me, this one seems a little harsh. It wasn’t that WhatsApp was necessarily breaking the rules, it just seems their wording in their privacy notice lacked a bit of clarity. Harsh, but I suppose that’s the price you pay at the top!
Google Ireland – $102 million
Facebook – $68 million
Look, although this is a drop in the ocean for Facebook it’s still far from ideal and yes, it’s cookie related once again. Facebook was told that they simply failed to obtain proper cookie consent from users and this largely boiled down to the way in which the social media giant provided its ‘opt-out’, which was said to be unclear.
So, as it stands, these are the four biggest GDPR fines, paying a combined $1,302,000,000 and reminding us all how bad it can get when you fail to comply. Ouch.
By Sam Wright