Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2021-07-06 | Region Stockholm | €50K | GDPR | Data Protection Authority of Sweden | Sweden | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR, Art. 13 GDPR, Art. 14 GDPR |
| 2023-03-21 | CONECTA5 TELECINCO, S.A.U. | €50K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art 5 (1) c) GDPR |
| 2019-03-01 | N26 | €50K | GDPR | Data Protection Authority of Berlin | Germany | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2019-04-24 | Movimento 5 Stelle Party | €50K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | Website affiliated with the Movimento 5 Stelle, an Italian political party, had ...Website affiliated with the Movimento 5 Stelle, an Italian political party, had a data breach in 2017. Rousseau, the data processor running these websites, had insufficient security measures in place. Garante, the Italian Data Protection Authority, issued a request to update these measures and the privacy information notice, for more transparency on the processing of data. The information issue was completed on time. However, Rousseau failed to adopt new security measures, and it was fined by Garante. Articles: Art. 32 GDPR |
| 2023-03-21 | DIARIO ABC, S.L. | €50K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2023-03-21 | EL DIARIO DE PRENSA DIGITAL SL. | €50K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2021-12-14 | IZA OBRAS Y PROMOCIONES, S.A. | €50K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) c) GDPR |
| 2019-11-13 | Social Insurance Agency | €50K | GDPR | Slovak Data Protection Office | Slovakia | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2023-03-21 | EDITORIAL DE PRENSA CANARIA, S.A. | €50K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2020-05-14 | Social Media Provider | €50K | GDPR | Belgian Data Protection Authority (APD) | Belgium | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2021-06-04 | Moss Municipality | €49K | GDPR | Norwegian Supervisory Authority (Datatilsynet) | Norway | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 (1), b), d) GDPR |
| 2019-05-06 | Telefónica SA | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR |
| 2020-02-28 | Vodafone ONO | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | The company was fined due to several deficiencies in information security. Two c...The company was fined due to several deficiencies in information security. Two clients of the company had received the same security access key, allowing to view each others’ personal details. Articles: Art. 32 GDPR |
| 2020-02-25 | HM Hospitales | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | An individual reported that at the time of their admission to the hospital they ...An individual reported that at the time of their admission to the hospital they had to fill in a form that had a checkbox that indicated that if the checkbox is not ticked, the hospital can transfer the person’s private data to third parties. The data protection authority argued that this form was not in accordance with the GDPR because consent was to be obtained from the inactivity of the affected person. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-06-24 | Vodafone ONO | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2020-02-28 | Vodafone ONO | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2022-08-28 | NATURGY ENERGY GROUP, S.A. | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2019-06-24 | Vodafone ONO | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | A technical error allowed customers to view the personal data of other customers...A technical error allowed customers to view the personal data of other customers on the company’s website’s customer area. The original fine of €60,000 was reduced to €48,000. Articles: Art. 32 GDPR |
| 2019-05-06 | Telefónica SA | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | A customer complained that their bank account was charged for two invoices for t...A customer complained that their bank account was charged for two invoices for the services the customer has purchased but on the invoices, the personal details of a third party person were displayed. Initially, the fine was determined to be €60,000 but was reduced to €48,000. Articles: Art. 5 (1) a) GDPR |
| 2020-02-25 | HM Hospitales | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-11-11 | Banco Bilbao Vizcaya Argentaria S.L. | €48K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2019-10-16 | ClickQuickNow | €47K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to comply with processing principles | The Company did not have the appropriate organizational measures in place that w...The Company did not have the appropriate organizational measures in place that would allow data subjects to withdraw their consent to the processing of personal data. Moreover, the data subjects also couldn’t easily request the deletion of their personal data. Articles: Art. 5 GDPR |
| 2019-10-16 | ClickQuickNow | €47K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to comply with processing principles | --Articles: Art. 5 GDPR |
| 2020-07-10 | Municipality of Rælingen | €47K | GDPR | Norwegian Supervisory Authority (Datatilsynet) | Norway | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR, Art. 35 GDPR |
| 2022-05-26 | Azienda Sanitaria Locale Roma | €46K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR, Art. 6 (1) c), d) GDPR, Art. 6 (2), (3) GDPR, Art. 9 (1), (2), (4) GDPR, Art. 2-ter (1), (2) Codice della privacy, Art. 2-septies (8) Codice della privacy |