Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,014 fines found
Total: $6.2B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2019-07-24 | Meta Platforms | $5.0B | FTC Act Section 5 | FTC | United States | consent | Deceived users about ability to control privacy of personal information. Cambrid...Deceived users about ability to control privacy of personal information. Cambridge Analytica data sharing. Largest FTC fine ever. |
| 2023-05-22 | Meta Platforms | €1.2B | GDPR | Data Protection Authority of Ireland | Ireland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 (1) b) GDPR |
| 2023-05-22 | Meta Platforms | €1.2B | GDPR | Ireland DPC | Ireland | transfer | Unlawful data transfers to the US in violation of Schrems II. Largest GDPR fine ...Unlawful data transfers to the US in violation of Schrems II. Largest GDPR fine ever. Articles: Art. 46(1) |
| 2021-07-16 | Amazon | €746.0M | GDPR | Luxembourg CNPD | Luxembourg | consent | Targeted advertising system processed personal data without valid consent.Targeted advertising system processed personal data without valid consent. Articles: Art. 6 |
| 2021-07-22 | Amazon | €746.0M | GDPR | National Commission for Data Protection (CNPD) | Luxembourg | Failure to comply with data processing principles, and others | --Articles: Several |
| 2019-07-22 | Equifax | $575.0M | FTC Act Section 5 | FTC | United States | data_breach | 2017 data breach exposed personal information of 147 million people due to failu...2017 data breach exposed personal information of 147 million people due to failure to patch known vulnerability. |
| 2025-05-01 | TikTok | €530.0M | GDPR | Ireland DPC | Ireland | transfer | Illegal data transfers to China and failure to be transparent about data process...Illegal data transfers to China and failure to be transparent about data processing. Articles: Art. 46(1), Art. 5(1)(a) |
| 2025-05-02 | TikTok | €530.0M | GDPR | Ireland DPC | Ireland | transfer | Illegal data transfers to China and failure to be transparent about data process...Illegal data transfers to China and failure to be transparent about data processing. Articles: Art. 46(1), Art. 5(1)(a) |
| 2022-12-19 | Epic Games | $520.0M | COPPA | FTC | United States | children | Failed to notify parents and obtain consent before collecting personal informati...Failed to notify parents and obtain consent before collecting personal information from children under 13 playing Fortnite. Also charged with using dark patterns. |
| 2022-09-05 | Meta Platforms | €405.0M | GDPR | Data Protection Authority of Ireland | Ireland | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) GDPR, Art. 12 (1) GDPR, Art. 24 GDPR, Art. 25 (1), (2) GDPR, Art. 35 GDPR |
| 2022-09-05 | Meta Platforms | €405.0M | GDPR | Ireland DPC | Ireland | children | Published children contact details and allowed children aged 13-17 to operate bu...Published children contact details and allowed children aged 13-17 to operate business accounts. Articles: Art. 5(1)(c), Art. 6(1), Art. 12, Art. 24 |
| 2022-09-05 | Meta Platforms | €405.0M | GDPR | Ireland DPC | Ireland | children | Instagram published children contact details and allowed children aged 13-17 to ...Instagram published children contact details and allowed children aged 13-17 to operate business accounts. Articles: Art. 5(1)(c), Art. 6(1), Art. 12, Art. 24 |
| 2023-01-04 | Meta Platforms | €390.0M | GDPR | Ireland DPC | Ireland | consent | Forced users to consent to targeted advertising as condition of using Facebook a...Forced users to consent to targeted advertising as condition of using Facebook and Instagram. Articles: Art. 6(1), Art. 7 |
| 2022-01-04 | Meta Platforms | €390.0M | GDPR | Data Protection Authority of Ireland | Ireland | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 6 (1) GDPR, Art. 12 GDPR, Art. 13 (1) c) GDPR |
| 2023-09-01 | TikTok | €345.0M | GDPR | Ireland DPC | Ireland | children | Failed to protect children users privacy. Profiles set to public by default for ...Failed to protect children users privacy. Profiles set to public by default for minors. Articles: Art. 5(1)(c), Art. 5(1)(f), Art. 12, Art. 13, Art. 24, Art. 25 |
| 2023-09-15 | TikTok | €345.0M | GDPR | Ireland DPC | Ireland | children | Failed to protect children users. Profiles set to public by default for minors.Failed to protect children users. Profiles set to public by default for minors. Articles: Art. 5(1)(c), Art. 5(1)(f), Art. 12, Art. 13, Art. 24, Art. 25 |
| 2025-09-01 | €325.0M | GDPR | France CNIL | France | consent | Gmail ads without consent and cookie manipulation.Gmail ads without consent and cookie manipulation. Articles: Art. 5, Art. 6 | |
| 2025-09-01 | €325.0M | GDPR | France CNIL | France | consent | Gmail ads without consent and cookie manipulation.Gmail ads without consent and cookie manipulation. Articles: Art. 5, Art. 6 | |
| 2024-10-24 | €310.0M | GDPR | Ireland DPC | Ireland | consent | Used wrong legal basis for behavioral advertising and ad targeting.Used wrong legal basis for behavioral advertising and ad targeting. Articles: Art. 6 | |
| 2024-10-01 | €310.0M | GDPR | Ireland DPC | Ireland | consent | Used wrong legal basis for behavioral advertising and ad targeting.Used wrong legal basis for behavioral advertising and ad targeting. Articles: Art. 6 | |
| 2024-08-26 | Uber | €290.0M | GDPR | Netherlands AP | Netherlands | transfer | Transferred European driver data to US without adequate safeguards.Transferred European driver data to US without adequate safeguards. Articles: Art. 44 |
| 2024-08-01 | Uber | €290.0M | GDPR | Netherlands AP | Netherlands | transfer | Transferred European driver data to US without adequate safeguards.Transferred European driver data to US without adequate safeguards. Articles: Art. 44 |
| 2022-11-28 | Meta Platforms | €265.0M | GDPR | Ireland DPC | Ireland | data_breach | Scraped personal data of 533 million Facebook users made available online. Data ...Scraped personal data of 533 million Facebook users made available online. Data protection by design failure. Articles: Art. 25 |
| 2022-11-25 | Meta Platforms | €265.0M | GDPR | Data Protection Authority of Ireland | Ireland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 25 (1), (2) GDPR |
| 2022-12-19 | Epic Games | $245.0M | FTC Act Section 5 | FTC | United States | consent | Used dark patterns to trick players into making unwanted purchases. Separate fro...Used dark patterns to trick players into making unwanted purchases. Separate from COPPA penalty. |