Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
34 fines found
Total: $36.0M
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2020-03-11 | €7.0M | GDPR | Data Protection Authority of Sweden | Sweden | Failure to comply with data processing principles | Google was fined with €7,000,000 by the Swedish Data Protection Authority due to...Google was fined with €7,000,000 by the Swedish Data Protection Authority due to failing to adequately comply with its obligations regarding the right of data subjects to have their search results removed from Google search. The Data Protection Authority of Sweden had already completed an investigation on Google in 2017 where it investigated how the company dealt with individuals’ requests to be removed from search results. At that time, the Data Protection Authority instructed Google to be more pro-active in executing these removal requests. In 2018 the Authority initialed a further investigation after it was reported that Google did not remove search results related to individuals even after the earlier instructions in 2017 to do so. The Authority also questioned Google’s practice of informing website owners about which search results Google had removed, specifically which link (search result) has been removed and who was behind the removal request. Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 17 GDPR | |
| 2023-06-13 | Spotify | €5.0M | GDPR | Sweden IMY | Sweden | consent | Failed to properly fulfill data access requests.Failed to properly fulfill data access requests. Articles: Art. 15 |
| 2023-06-13 | Spotify | €5.0M | GDPR | Sweden IMY | Sweden | consent | Failed to properly fulfill data access requests under right of access.Failed to properly fulfill data access requests under right of access. Articles: Art. 15 |
| 2020-03-11 | €5.0M | GDPR | Data Protection Authority of Sweden | Sweden | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 17 GDPR | |
| 2020-12-03 | Capio St. Goran AB | €2.9M | GDPR | Data Protection Authority of Sweden | Sweden | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR |
| 2021-06-21 | Storstockholms Lokaltrafik | €1.6M | GDPR | Data Protection Authority of Sweden | Sweden | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) f) GDPR, Art. 13 GDPR |
| 2020-12-03 | Aleris Sjukvård AB | €1.5M | GDPR | Data Protection Authority of Sweden | Sweden | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR |
| 2021-06-07 | MedHelp AB | €1.2M | GDPR | Data Protection Authority of Sweden | Sweden | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) a), f) GDPR, Art. 6 GDPR, Art. 9 (1) GDPR, Art. 13 GDPR, Art. 32 GDPR |
| 2020-12-03 | Aleris Sjukvård AB | €1.2M | GDPR | Data Protection Authority of Sweden | Sweden | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR |
| 2022-03-28 | Klarna Bank AB | €720K | GDPR | Data Protection Authority of Sweden | Sweden | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 5 (2) GDPR, Art. 12 (1) GDPR, Art. 13 (2) f) GDPR, Art. 14 (2) g) GDPR |
| 2020-11-24 | City of Stockholm | €394K | GDPR | Data Protection Authority of Sweden | Sweden | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 GDPR, Art. 32 GDPR |
| 2020-12-03 | Karolinska University Hospital of Solna | €390K | GDPR | Data Protection Authority of Sweden | Sweden | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR |
| 2020-12-03 | Sahlgrenska University Hospital | €341K | GDPR | Data Protection Authority of Sweden | Sweden | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR |
| 2020-12-03 | Västerbotten Region | €244K | GDPR | Data Protection Authority of Sweden | Sweden | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR |
| 2020-12-03 | Östergötland Region | €244K | GDPR | Data Protection Authority of Sweden | Sweden | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR |
| 2022-01-26 | Uppsala hospital board | €152K | GDPR | Data Protection Authority of Sweden | Sweden | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 32 (1) GDPR |
| 2021-06-07 | Voice Integrate Nordic AB | €65K | GDPR | Data Protection Authority of Sweden | Sweden | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2020-12-11 | Umeå University | €54K | GDPR | Data Protection Authority of Sweden | Sweden | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 (1), (2) GDPR |
| 2021-07-06 | Region Stockholm | €50K | GDPR | Data Protection Authority of Sweden | Sweden | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR, Art. 13 GDPR, Art. 14 GDPR |
| 2019-12-16 | Nusvar AB | €35K | GDPR | Data Protection Authority of Sweden | Sweden | Non-compliance with lawful basis for data processing | Nusvar AB, which operates the website Mrkoll.se, a site that provides informatio...Nusvar AB, which operates the website Mrkoll.se, a site that provides information on all Swedes over the age of 16, published information on people with overdue payments. Articles: Art. 6 GDPR |
| 2019-12-16 | Nusvar AB | €35K | GDPR | Data Protection Authority of Sweden | Sweden | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2021-06-09 | Directorate of the Ostra Skaraborg Rescure Service | €35K | GDPR | Data Protection Authority of Sweden | Sweden | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) a), c) GDPR, Art. 32 (1), (4) GDPR |
| 2020-12-15 | Uppsalahem AB | €30K | GDPR | Data Protection Authority of Sweden | Sweden | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 (1) f) GDPR |
| 2022-01-26 | Uppsala regional board | €29K | GDPR | Data Protection Authority of Sweden | Sweden | Non-compliance with lawful basis for data processing | --Articles: Art. 32 (1) GDPR |
| 2021-06-07 | Region Sormland | €25K | GDPR | Data Protection Authority of Sweden | Sweden | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR, Art. 13 GDPR |