Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2022-04-04 | Brussels Airport Charleroi | €100K | GDPR | Belgian Data Protection Authority (APD) | Belgium | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a), b) GDPR, Art. 6 (1) c) GDPR, Art. 6 (3) GDPR, Art. 9 (2) i) GDPR, Art. 12 (1) GDPR, Art. 13 (1) c) GDPR, Art. 13 (2) e) GDPR, Art. 35 (1), (7) GDPR |
| 2019-06-24 | EE | €100K | GDPR | Information Commissioner | United Kingdom | Non-compliance with the right of consent | --Articles: Art.14 GDPR |
| 2022-12-28 | Vodafone Espana, S.A.U. | €100K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR |
| 2019-10-24 | Food company | €100K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 GDPR, Art. 32 GDPR |
| 2020-12-01 | Azeeta.ee e-apteek | €100K | GDPR | Estonian Data Protection Authority | Estonia | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-05-26 | Intesa Sanpaolo S.p.A. | €100K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), f) GDPR, Art. 6 GDPR |
| 2019-10-24 | Food company | €100K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | Upon creation of an applicant portal where interested parties could apply their ...Upon creation of an applicant portal where interested parties could apply their documents for a job, the food company failed to encrypt the applicant portal. The transmission of the data had no encryption and the data storage was completely unencrypted and offered no password-protected security systems. Moreover, the data was linked to Google, so anyone could find the applicants’ documents and retrieve them after a simple Google search. Articles: Art. 5 GDPR, Art. 32 GDPR |
| 2020-12-01 | Südameapteegi e-apteek | €100K | GDPR | Estonian Data Protection Authority | Estonia | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-05-22 | Posti Group Oyj | €100K | GDPR | Deputy Data Protection Ombudsman | Finland | Failure to comply with processing principles | --Articles: Art. 12 GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 15 GDPR |
| 2023-03-16 | ORANGE ESPAGNE S.A.U. | €100K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2021-11-24 | Norwegian State Pension Fund (SPK) | €98K | GDPR | Norwegian Supervisory Authority (Datatilsynet) | Norway | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) c), e) GDPR, Art. 6 (1) GDPR, Art. 9 (2) GDPR |
| 2020-12-16 | Unknown | €97K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information | Hungary | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) c) GDPR, Art. 6 (1) GDPR, Art. 9 (1) GDPR, Art. 12 GDPR |
| 2021-08-03 | Vodafone Espana, S.A.U. | €96K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 (1) GDPR, Art. 17 GDPR |
| 2021-01-04 | Innovasjon Norge | €96K | GDPR | Norwegian Supervisory Authority (Datatilsynet) | Norway | Failure to comply with data processing principles | --Articles: Art. 5 (1) GDPR, Art. 6 (1) GDPR |
| 2023-01-05 | Premom (Easy Healthcare) | $100K | FTC Act Section 5 | FTC | United States | consent | Fertility app shared health data with Google and AppsFlyer despite privacy promi...Fertility app shared health data with Google and AppsFlyer despite privacy promises. |
| 2019-05-23 | Organizer of SZIGET festival and VOLT festival | €92K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Non-compliance with lawful basis for data processing and information obligation non-compliance | --Articles: Art. 6 GDPR, Art. 5 (1) b) GDPR, Art. 13 GDPR |
| 2019-05-23 | Organizer of SZIGET festival and VOLT festival | €92K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Non-compliance with lawful basis for data processing and information obligation non-compliance | The subjects had not been informed about the data processing, and the data contr...The subjects had not been informed about the data processing, and the data controllers had not complied with the principle of purpose limitation. Articles: Art. 6 GDPR, Art. 5 (1) b) GDPR, Art. 13 GDPR |
| 2022-06-09 | Tavistock & Portmann NHS Foundation Trust | €91K | GDPR | Information Commissioner (ICO) | United Kingdom | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2022-03-08 | Retail company | €89K | GDPR | Croatian Data Protection Authority (AZOP) | Croatia | Failure to implement sufficient measures to ensure information security | --Articles: Art 32 (1) b) and d) GDPR, Art 32 (2) GDPR, Art 32 (4) GDPR |
| 2022-05-09 | Otavamedia Oy | €85K | GDPR | Deputy Data Protection Ombudsman | Finland | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR, Art. 12 (1), (2), (3), (4), (6) GDPR, Art. 15 GDPR, Art. 17 GDPR, Art. 25 GDPR |
| 2023-04-04 | BANCO BILBAO VIZCAYA ARGENTARIA, S.A | €84K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR, Art. 15 GDPR |
| 2021-05-13 | Comune di Bolzano | €84K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 13 GDPR, Art. 35 GDPR |
| 2021-07-09 | Medicals Nordic I/S | €81K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GPDR |
| 2022-09-12 | Coin Dealer | €81K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information | Hungary | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), b) GDPR, Art. 6 (1) GDPR, Art. 7 (2) GDPR, Art. 12 (1) GDPR, Art. 13 GDPR |
| 2022-01-01 | Beauty salon | €81K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information | Hungary | Unknown | --Articles: Unknown |