Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2020-07-10 | Xfera Moviles S.A. | €55K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 5 GDPR, Art. 32 GDPR |
| 2022-12-15 | Azienda Universitaria Friuli Centrale | €55K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 9 GDPR, Art. 14 GDPR, Art. 35 GDPR, Art. 2-sexies Codice della privacy |
| 2020-10-23 | Deichmann KFT | €55K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 GDPR, Art. 15 GDPR, Art. 18 (1) c) GDPR, Art. 25 GDPR |
| 2020-12-11 | Umeå University | €54K | GDPR | Data Protection Authority of Sweden | Sweden | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 (1), (2) GDPR |
| 2021-01-04 | Vodafone Espana, S.A.U. | €54K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) d), f) GDPR |
| 2021-07-07 | Nordbornholms Byggeforretning Aps | €54K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2021-09-08 | Midtjylland Region | €54K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2022-01-19 | PIKA Sp. z o.o. | €53K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 28 (3) c), f) GDPR, Art. 32 (1), (2) GDPR |
| 2021-12-16 | Motor insurance center | €52K | GDPR | Deputy Data Protection Ombudsman | Finland | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a), c) GDPR, Art. 25 (2) GDPR |
| 2021-11-23 | Icelandic Ministry of Industry and Innovation | €51K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 13 GDPR, Art. 25 GDPR, Art. 28 GDPR, Art. 32 GDPR |
| 2019-01-01 | Meta Platforms | €51K | GDPR | Data Protection Authority of Hamburg | Germany | Failure to appoint a data protection officer | The German branch of Facebook was fined by €51,000 because it failed to appoint ...The German branch of Facebook was fined by €51,000 because it failed to appoint a data protection officer. Facebook argued that it did in fact appoint a data protection officer in Ireland who acted as a data protection officer for all the local European Facebook branches. The Data Protection Authority of Hamburg, however, argued that Facebook did not notify the German authority about this appointment, and as such, the fine is valid. The reason the fine was relatively small was that Facebook did, after all, appoint a DPO but failed to notify German authorities. The fine was given to Facebook Germany GmbH, which is the local German branch of the company.The fine was issued sometimes in 2019 but was only made public by the Data Protection Authority of Hamburg in February 2020. The exact date of the fine was not revealed. Articles: Art. 37 GDPR |
| 2019-01-01 | Meta Platforms | €51K | GDPR | Data Protection Authority of Hamburg | Germany | Failure to appoint a data protection officer | --Articles: Art. 37 GDPR |
| 2021-01-21 | Alterna Operador Integral S.L. | €50K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 (1) b) GDPR |
| 2019-03-01 | N26 | €50K | GDPR | Data Protection Authority of Berlin | Germany | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2022-01-13 | Intellexa SA | €50K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Non-cooperation with Data Protection Authority | --Articles: Art. 31 GDPR |
| 2022-04-07 | Palumbo Superyacht Ancona s.r.l. | €50K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), e) GDPR, Art. 13 GDPR, Art. 12 (3) GDPR, Art. 15 GDPR, Art. 157 Codice della privacy, Art. 166 (2) Codice della privacy |
| 2020-02-03 | Vodafone España, S.A.U. | €50K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR |
| 2022-05-25 | Roularta Media Group | €50K | GDPR | Belgian Data Protection Authority (APD) | Belgium | Failure to comply with data processing principles | --Articles: Art. 5 (1) e) GDPR, Art. 5 (2) GDPR, Art. 6 (1) a) GDPR, Art. 7 (1), (3) GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 24 GDPR |
| 2019-04-24 | Movimento 5 Stelle Party | €50K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2019-08-30 | Medical Company | €50K | GDPR | Austrian Data Protection Authority (DSB) | Austria | Information obligation non-compliance | The company was fined because it had refused to comply with the obligation of ap...The company was fined because it had refused to comply with the obligation of appointing a data protection officer. Articles: Art. 13 GDPR, Art. 37 GDPR |
| -- | Unknown | €50K | GDPR | Data Protection Authority of Brandenburg | Germany | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 15 GDPR, Art. 28 GDPR |
| 2022-05-26 | Azienda sanitaria uniersitaria Friuli Occidentale | €50K | GDPR | Italian Data Protection Authority (Garante) | Italy | Unknown | --Articles: Unknown |
| 2022-06-16 | SA Rossel & Cie | €50K | GDPR | Belgian Data Protection Authority (APD) | Belgium | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) a) GDPR, Art. 7 (1) GDPR, Art. 12 (1) GDPR, Art. 13 GDPR, Art. 14 GDPR |
| 2020-02-03 | Vodafone España, S.A.U. | €50K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | Vodafone España sent invoices of a client that contained personal data such as n...Vodafone España sent invoices of a client that contained personal data such as name, ID card number, and address to their neighbor. Articles: Art. 5 GDPR |
| 2023-03-21 | SOCIEDAD ESPANOLA DE RADIODIFUSION, S.L. | €50K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |