Companies in the technology sector, as well as political and commercial organizations, have to pay over €4 billion in fines to the Data Protection Commission (DPC), Ireland’s privacy and data protection authority (DPA). However, collecting these fines is easier said than done.
In May 2018, the General Data Protection Regulation (GDPR) went into effect. This regulation was designed to protect the privacy of citizens of European Member States. Among other things, it defines under what conditions companies may collect personal information and what rights citizens have to exercise control over their data.
According to the latest numbers of the GDPR Enforcement Tracker, which offers an overview of fines and penalties that data protection authorities within the EU have imposed under the GDPR, DPAs from all over the EU have imposed a total of approximately €6.8 billion in fines on companies in violation of Europe’s privacy laws.
The GDPR Enforcement Tracker has counted that Ireland’s DPA has imposed 35 fines since the GDPR went into effect. According to data that was released under Freedom of Information laws, which has been obtained and analyzed by The Irish Times, companies owe the DPC over €4 billion in fines.
Imposing fines and penalties is one thing, but collecting the money that’s been owed is something entirely different. According to The Irish Times, only €20 million of the €4 billion that is owed has been paid so far.
In 2025, the DPC issued more than €530 million in fines, including TikTok, the Department of Social Security, and the City of Dublin Education and Training Board. Only €125,000 has been collected. In 2024, the DPC imposed €652 million in fines, but only €582,000 has been paid. The year before that, €1.55 billion was levied in fines, but just €815,000 was collected.
In 2022, the Irish DPA issued fines totaling just over €1 billion, of which €17 million has been paid to date. In 2021, companies were ordered to pay €225 million over GDPR violations, but only €800,000 has been received. €785,000 was issued in fines by the DPC in 2020, but so far, less than 10% of that has been paid.
The reason why the DPC has failed to collect the fines it levied is that the majority of the companies have appealed the data protection authority’s ruling in court. Because of this, fines can’t be collected until a judge renders a verdict, legislation says.
A spokesperson of the DPC told The Irish Times that none of the imposed fines is considered to be “uncollectable.”
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked