Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2024-08-01 | Uber | €290.0M | GDPR | Netherlands AP | Netherlands | transfer | Transferred European driver data to US without adequate safeguards.Transferred European driver data to US without adequate safeguards. Articles: Art. 44 |
| 2024-08-01 | Uber | €290.0M | GDPR | Netherlands AP | Netherlands | transfer | Transferring driver data to US without safeguards |
| 2024-08-26 | Uber | €290.0M | GDPR | Netherlands AP | Netherlands | transfer | Transferred European driver data to US without adequate safeguards.Transferred European driver data to US without adequate safeguards. Articles: Art. 44 |
| 2022-11-25 | Meta Platforms | €265.0M | GDPR | Data Protection Authority of Ireland | Ireland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 25 (1), (2) GDPR |
| 2022-11-28 | Meta Platforms | €265.0M | GDPR | Ireland DPC | Ireland | data_breach | Scraped personal data of 533 million Facebook users made available online. Data ...Scraped personal data of 533 million Facebook users made available online. Data protection by design failure. Articles: Art. 25 |
| 2022-12-19 | Epic Games | $245.0M | FTC Act Section 5 | FTC | United States | consent | Used dark patterns to trick players into making unwanted purchases. Separate fro...Used dark patterns to trick players into making unwanted purchases. Separate from COPPA penalty. |
| 2021-09-02 | Meta Platforms | €225.0M | GDPR | Ireland DPC | Ireland | consent | Lack of transparency about data sharing with Facebook.Lack of transparency about data sharing with Facebook. Articles: Art. 5(1)(a), Art. 12, Art. 13, Art. 14 |
| 2021-09-02 | Meta Platforms | €225.0M | GDPR | Data Protection Authority of Ireland | Ireland | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) |
| 2019-09-04 | $170.0M | COPPA | FTC | United States | children | YouTube illegally collected personal information from children without parental ...YouTube illegally collected personal information from children without parental consent, targeting ads to viewers of child-directed channels. | |
| 2025-09-01 | SHEIN | €150.0M | GDPR | France CNIL | France | consent | Placing cookies without consent; non-functional opt-outs |
| 2025-09-01 | SHEIN | €150.0M | GDPR | France CNIL | France | consent | Placing cookies without consent and non-functional opt-outs.Placing cookies without consent and non-functional opt-outs. Articles: Art. 5, Art. 6 |
| 2025-09-01 | SHEIN | €150.0M | GDPR | France CNIL | France | consent | Placing cookies without consent and non-functional opt-outs.Placing cookies without consent and non-functional opt-outs. Articles: Art. 5, Art. 6 |
| 2025-09-01 | €125.0M | GDPR | France CNIL | France | consent | Cookie consent failures at account creation.Cookie consent failures at account creation. Articles: Art. 5, Art. 6 | |
| 2025-09-01 | Google Ireland | €125.0M | GDPR | France CNIL | France | consent | Cookie consent failures at account creation |
| 2025-09-01 | €125.0M | GDPR | France CNIL | France | consent | Cookie consent failures at account creation.Cookie consent failures at account creation. Articles: Art. 5, Art. 6 | |
| 2021-12-31 | €90.0M | GDPR | French Data Protection Authority (CNIL) | France | Non-compliance with lawful basis for data processing | --Articles: Art. 82 loi Informatique et Libertes | |
| 2021-12-31 | Meta Platforms | €60.0M | GDPR | French Data Protection Authority (CNIL) | France | Non-compliance with lawful basis for data processing | --Articles: Art. 82 loi Informatique et Libertes |
| 2021-12-31 | €60.0M | GDPR | French Data Protection Authority (CNIL) | France | Non-compliance with lawful basis for data processing | --Articles: Art. 82 loi Informatique et Libertes | |
| 2019-01-21 | €50.0M | GDPR | French Data Protection Authority (CNIL) | France | Several | The French NGO “La Quadrature du Net” and the Austrian organization “None Of You...The French NGO “La Quadrature du Net” and the Austrian organization “None Of Your Business” complained about the creation of a Google account related to the configuration of the Android system in a mobile phone. A fine of 50 million euros was issued because the following principles were not observed: the principle of transparency (Art. 5 GDPR), the sufficiency of information (Art.13 / 14 GDPR), and the presence of legal basis (Art. 6 GDPR). Articles: Art. 13 GDPR, Art. 14 GDPR, Art. 6 GDPR, Art. 4 GDPR, Art. 5 GDPR | |
| 2019-01-21 | €50.0M | GDPR | French Data Protection Authority (CNIL) | France | Several | --Articles: Art. 13 GDPR, Art. 14 GDPR, Art. 6 GDPR, Art. 4 GDPR, Art. 5 GDPR | |
| 2024-02-01 | Blackbaud | $49.5M | FTC Act Section 5 | FTC | United States | data_breach | Cloud software company settled with FTC and 49 state AGs after 2020 data breach. |
| 2025-01-01 | Vodafone Germany | €45.0M | GDPR | Germany BfDI | Germany | data_breach | Vendor security failures; inadequate data controls |
| 2025-01-15 | Vodafone Germany | €45.0M | GDPR | Germany BfDI | Germany | data_breach | Vendor security failures and inadequate data controls.Vendor security failures and inadequate data controls. Articles: Art. 32 |
| 2025-01-01 | Vodafone Germany | €45.0M | GDPR | Germany BfDI | Germany | data_breach | Vendor security failures and inadequate data controls.Vendor security failures and inadequate data controls. Articles: Art. 32 |
| 2023-06-15 | Criteo | €40.0M | GDPR | France CNIL | France | consent | Ad-tech company failed to verify consent before processing data for personalized...Ad-tech company failed to verify consent before processing data for personalized advertising. Articles: Art. 7, Art. 15, Art. 17, Art. 26 |