Meta top violator of EU’s privacy rules

Hundreds of businesses have been fined a total of €4.5 billion ($4.9 billion) for violating the EU’s tough privacy rules in the six years since they took effect in 2018, with Meta the top offender.

The social media giant accounts for more than half of that sum, receiving over €2.5 billion in fines for various violations of the General Data Protection Regulation, or GDPR.

Last year, it was slammed with a record fine of €1.2 billion in Ireland, where its EU headquarters are located, for “insufficient legal basis for data processing.”

Meta accounts for six of the 10 biggest fines levied by European regulators since the GDPR came into force: five issued in Ireland under the Meta and WhatsApp names and one in France under the Facebook name.

Amazon received the second biggest fine, with Luxembourg data protection authorities ordering the company to pay €746 million for “non-compliance with general data processing principles” in 2021.

TikTok was fined €345 million for GDPR violations in Ireland last year, and Google received two separate fines of €90 million and €60 million for different violations in France in 2021, as well as a €50 million fine in 2019.

Companies are most commonly fined for insufficient legal basis for data processing, which has cost various businesses a total of €1.6 billion since 2018, according to NordLayer, a cybersecurity firm that analyzed the data.

Non-compliance with general data processing principles is the second most common offense, but also the most heavily fined, totaling €2 billion in penalties.

"Achieving and maintaining GDPR compliance is an ongoing journey, not a one-time destination," said Carlos Salas, a cybersecurity expert at NordLayer.

Over 2,000 violations

Ireland stands out when it comes to imposing record fines over GDPR violations. The country is home to the European operations of global tech companies like Meta and TikTok and has ordered various organizations to pay €2.8 billion in fines since 2018.

Spain, Italy, and Germany are the most active in prosecuting GDPR violations. Authorities in Spain have imposed 842 GDPR fines in six years out of a European total of 2,072 violations, ordering €80 million in penalties.

Italy is second on the list with 358 fines, fewer than half as many as Spain. However, it imposed heavier fines, ordering organizations to pay nearly €229 million in total.

Germany issued 186 fines worth a combined €55 million. Romania is next with 179 fines but was not as heavy-handed with penalties, ordering companies to pay only €1.1 million over the six years. Poland closed out the top five with 73 fines totaling nearly €4 million.

“While full compliance has been challenging for many companies, the GDPR's impact in empowering individuals and holding organizations accountable for data mishandling cannot be overstated. It has reshaped the digital landscape, forcing a much-needed prioritization of privacy rights,” Salas said.
