Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2019-07-24 | Meta Platforms | $5.0B | FTC Act Section 5 | FTC | United States | consent | Deceived users about ability to control privacy of personal information. Cambrid...Deceived users about ability to control privacy of personal information. Cambridge Analytica data sharing. Largest FTC fine ever. |
| 2023-05-01 | Meta Platforms | €1.2B | GDPR | Ireland DPC | Ireland | transfer | Unlawful data transfers to the US |
| 2023-05-22 | Meta Platforms | €1.2B | GDPR | Data Protection Authority of Ireland | Ireland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 (1) b) GDPR |
| 2023-05-22 | Meta Platforms | €1.2B | GDPR | Ireland DPC | Ireland | transfer | Unlawful data transfers to the US in violation of Schrems II. Largest GDPR fine ...Unlawful data transfers to the US in violation of Schrems II. Largest GDPR fine ever. Articles: Art. 46(1) |
| 2021-07-16 | Amazon | €746.0M | GDPR | Luxembourg CNPD | Luxembourg | consent | Targeted advertising system processed personal data without valid consent.Targeted advertising system processed personal data without valid consent. Articles: Art. 6 |
| 2021-07-01 | Amazon | €746.0M | GDPR | Luxembourg CNPD | Luxembourg | consent | Targeted advertising without valid consent |
| 2021-07-22 | Amazon | €746.0M | GDPR | National Commission for Data Protection (CNPD) | Luxembourg | Failure to comply with data processing principles, and others | --Articles: Several |
| 2019-07-22 | Equifax | $575.0M | FTC Act Section 5 | FTC | United States | data_breach | 2017 data breach exposed personal information of 147 million people due to failu...2017 data breach exposed personal information of 147 million people due to failure to patch known vulnerability. |
| 2025-05-01 | TikTok | €530.0M | GDPR | Ireland DPC | Ireland | transfer | Illegal data transfers to China |
| 2025-05-02 | TikTok | €530.0M | GDPR | Ireland DPC | Ireland | transfer | Illegal data transfers to China and failure to be transparent about data process...Illegal data transfers to China and failure to be transparent about data processing. Articles: Art. 46(1), Art. 5(1)(a) |
| 2025-05-01 | TikTok | €530.0M | GDPR | Ireland DPC | Ireland | transfer | Illegal data transfers to China and failure to be transparent about data process...Illegal data transfers to China and failure to be transparent about data processing. Articles: Art. 46(1), Art. 5(1)(a) |
| 2022-12-19 | Epic Games | $520.0M | COPPA | FTC | United States | children | Failed to notify parents and obtain consent before collecting personal informati...Failed to notify parents and obtain consent before collecting personal information from children under 13 playing Fortnite. Also charged with using dark patterns. |
| 2022-09-05 | Meta Platforms | €405.0M | GDPR | Ireland DPC | Ireland | children | Published children contact details and allowed children aged 13-17 to operate bu...Published children contact details and allowed children aged 13-17 to operate business accounts. Articles: Art. 5(1)(c), Art. 6(1), Art. 12, Art. 24 |
| 2022-09-05 | Meta Platforms | €405.0M | GDPR | Ireland DPC | Ireland | children | Instagram published children contact details and allowed children aged 13-17 to ...Instagram published children contact details and allowed children aged 13-17 to operate business accounts. Articles: Art. 5(1)(c), Art. 6(1), Art. 12, Art. 24 |
| 2022-09-05 | Meta Platforms | €405.0M | GDPR | Data Protection Authority of Ireland | Ireland | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) GDPR, Art. 12 (1) GDPR, Art. 24 GDPR, Art. 25 (1), (2) GDPR, Art. 35 GDPR |
| 2022-01-04 | Meta Platforms | €390.0M | GDPR | Data Protection Authority of Ireland | Ireland | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 6 (1) GDPR, Art. 12 GDPR, Art. 13 (1) c) GDPR |
| 2023-01-04 | Meta Platforms | €390.0M | GDPR | Ireland DPC | Ireland | consent | Forced users to consent to targeted advertising as condition of using Facebook a...Forced users to consent to targeted advertising as condition of using Facebook and Instagram. Articles: Art. 6(1), Art. 7 |
| 2023-09-15 | TikTok | €345.0M | GDPR | Ireland DPC | Ireland | children | Failed to protect children users. Profiles set to public by default for minors.Failed to protect children users. Profiles set to public by default for minors. Articles: Art. 5(1)(c), Art. 5(1)(f), Art. 12, Art. 13, Art. 24, Art. 25 |
| 2023-09-01 | TikTok | €345.0M | GDPR | Ireland DPC | Ireland | children | Failed to protect children users privacy. Profiles set to public by default for ...Failed to protect children users privacy. Profiles set to public by default for minors. Articles: Art. 5(1)(c), Art. 5(1)(f), Art. 12, Art. 13, Art. 24, Art. 25 |
| 2025-09-01 | €325.0M | GDPR | France CNIL | France | consent | Gmail ads without consent and cookie manipulation.Gmail ads without consent and cookie manipulation. Articles: Art. 5, Art. 6 | |
| 2025-09-01 | €325.0M | GDPR | France CNIL | France | consent | Gmail ads without consent and cookie manipulation.Gmail ads without consent and cookie manipulation. Articles: Art. 5, Art. 6 | |
| 2025-09-01 | Google LLC | €325.0M | GDPR | France CNIL | France | consent | Gmail ads without consent; cookie manipulation |
| 2024-10-01 | €310.0M | GDPR | Ireland DPC | Ireland | other | Wrong legal basis for ad targeting | |
| 2024-10-24 | €310.0M | GDPR | Ireland DPC | Ireland | consent | Used wrong legal basis for behavioral advertising and ad targeting.Used wrong legal basis for behavioral advertising and ad targeting. Articles: Art. 6 | |
| 2024-10-01 | €310.0M | GDPR | Ireland DPC | Ireland | consent | Used wrong legal basis for behavioral advertising and ad targeting.Used wrong legal basis for behavioral advertising and ad targeting. Articles: Art. 6 |