Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2023-03-23 | Bolzano Municipality | €30K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 25 GDPR, Art. 32 GDPR, Art. 33 GDPR |
| 2021-10-08 | Orange Espagne, SAU | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 (1) a) GDPR |
| 2020-01-23 | Azienda Ospedaliero Universitaria Integrata di Verona (Hospital) | €30K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2021-12-02 | Ica s.r.l. | €30K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2022-07-19 | DO VALUE GREECE LOANS & CREDITS CLAIM MANAGEMENT S.A. | €30K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 5 (2) GDPR, Art. 6 GDPR, Art. 12 (2) GDPR |
| 2020-03-18 | Telefonica | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-cooperation with Data Protection Authority | --Articles: Art. 58 GDPR |
| 2019-10-01 | Vueling Airlines | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | Vueling Airlines made it impossible for users to access their website without accepting the cookies. Therefore, one couldn’t browse the website unless they accepted the cookies. The AEPD sanctioned the company with 30.000 euros. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2021-01-14 | Azienda sanitaria provinciale di Enna | €30K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 9 GDPR |
| 2023-02-22 | DISPLAY CONNECTORS, S.L. | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2019-01-01 | Vodafone Espana, S.A.U. | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2020-01-23 | Sapienza Università di Roma | €30K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2019-11-14 | Telefónica SA | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR |
| 2020-12-15 | Uppsalahem AB | €30K | GDPR | Data Protection Authority of Sweden | Sweden | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 (1) f) GDPR |
| 2021-07-05 | Mermaids | €29K | GDPR | Information Commissioner (ICO) | United Kingdom | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 (1), (2) GDPR |
| 2022-01-26 | Uppsala regional board | €29K | GDPR | Data Protection Authority of Sweden | Sweden | Non-compliance with lawful basis for data processing | --Articles: Art. 32 (1) GDPR |
| 2021-06-18 | Magyar Telekom Nyrt. | €28K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information | Hungary | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) d) GDPR, Art. 6 (1) GDPR, Art. 12 (2), (3), (4) GDPR, Art. 17 (1) GDPR, Art. 25 GDPR |
| 2019-07-24 | Debt collection agency | €28K | GDPR | Data Protection Commission of Bulgaria (KZLD) | Bulgaria | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2019-07-24 | Debt collection agency | €28K | GDPR | Data Protection Commission of Bulgaria (KZLD) | Bulgaria | Non-compliance with lawful basis for data processing | A private individual complained to the Data Protection Commission of Bulgaria (KZLD) that a debt collection agency has information about her accounts and status of those accounts with the purpose of collecting tax owed by the complainant. The KZLD concluded that the agency had no legal basis to obtain and process the data. Articles: Art. 6 GDPR |
| 2019-09-03 | National Revenue Agency | €28K | GDPR | Data Protection Commission of Bulgaria (KZLD) | Bulgaria | Non-compliance with lawful basis for data processing | The National Revenue Agency was fined with €28,100 because of the unlawful processing of personal data of a private individual. The personal data of the individual was unlawfully collected and used in an enforcement case against them in order to recover a tax debt of €86,000. The National Revenue Agency also collected bank account data of the affected individual from the Bulgarian National Bank. The Bulgarian DPA argued that this data was collected unlawfully by the National Revenue Agency. This is one of the very rare cases where a DPA fines a government institution for the unlawful processing of personal data. Articles: Art 6 (1) GDPR, Art 58 (2) e) GDPR, Art 83 (5) a) GDPR |
| 2019-09-03 | National Revenue Agency | €28K | GDPR | Data Protection Commission of Bulgaria (KZLD) | Bulgaria | Non-compliance with lawful basis for data processing | --Articles: Art 6 (1) GDPR, Art 58 (2) e) GDPR, Art 83 (5) a) GDPR |
| 2022-11-16 | Raiffeisen Bank SA | €28K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 25 (1) GDPR, Art. 32 (1), (2), (4) GDPR |
| 2020-07-02 | Odin Flissenter AS | €28K | GDPR | Norwegian Supervisory Authority (Datatilsynet) | Norway | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-06-19 | Aquateknikk AS | €28K | GDPR | Norwegian Supervisory Authority (Datatilsynet) | Norway | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2021-11-23 | YAY ehf. | €27K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 28 GDPR, Art. 32 GDPR |
| 2019-02-26 | Telecommunication service provider | €27K | GDPR | Bulgarian Commission for Personal Data Protection (KZLD) | Bulgaria | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR, Art. 5 (1) a) GDPR |