Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,014 fines found
Total: $6.2B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2023-03-02 | BetterHelp | $7.8M | FTC Act Section 5 | FTC | United States | consent | Online therapy service shared health data with advertisers including Facebook an...Online therapy service shared health data with advertisers including Facebook and Snapchat. |
| 2020-03-11 | €7.0M | GDPR | Data Protection Authority of Sweden | Sweden | Failure to comply with data processing principles | Google was fined with €7,000,000 by the Swedish Data Protection Authority due to...Google was fined with €7,000,000 by the Swedish Data Protection Authority due to failing to adequately comply with its obligations regarding the right of data subjects to have their search results removed from Google search. The Data Protection Authority of Sweden had already completed an investigation on Google in 2017 where it investigated how the company dealt with individuals’ requests to be removed from search results. At that time, the Data Protection Authority instructed Google to be more pro-active in executing these removal requests. In 2018 the Authority initialed a further investigation after it was reported that Google did not remove search results related to individuals even after the earlier instructions in 2017 to do so. The Authority also questioned Google’s practice of informing website owners about which search results Google had removed, specifically which link (search result) has been removed and who was behind the removal request. Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 17 GDPR | |
| 2021-12-13 | Grindr LLC | €6.3M | GDPR | Norwegian Supervisory Authority (Datatilsynet) | Norway | Failure to comply with data processing principles | --Articles: Art. 6 (1) GDPR, Art. 9 (1) GDPR |
| 2022-01-27 | Cosmote Mobile Telecommunications S.A. | €6.0M | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR, Art. 5 (2) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 25 (1) GDPR, Art. 26 GDPR, Art. 28 GDPR, Art. 35 (7) GDPR |
| 2021-01-13 | Caixabank S.A. | €6.0M | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 GDPR, Art. 13 GDPR, Art. 14 GDPR |
| 2022-01-12 | Meta Platforms | €5.5M | GDPR | Ireland DPC | Ireland | consent | WhatsApp fined for transparency failures in processing user data.WhatsApp fined for transparency failures in processing user data. Articles: Art. 5(1)(a), Art. 12, Art. 13 |
| 2023-01-19 | Meta Platforms | €5.5M | GDPR | Data Protection Authority of Ireland | Ireland | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR, Art. 12 GDPR, Art. 13 (1) c) GDPR |
| 2025-09-15 | Dun & Bradstreet/Duns | $5.7M | FTC Act Section 5 | FTC | United States | data_broker | Data broker settlement for unfair and deceptive practices in selling consumer da...Data broker settlement for unfair and deceptive practices in selling consumer data. |
| 2019-02-27 | TikTok | $5.7M | COPPA | FTC | United States | children | Musical.ly (now TikTok) collected personal information from children under 13 wi...Musical.ly (now TikTok) collected personal information from children under 13 without parental consent. |
| 2022-10-17 | Clearview AI | €5.3M | GDPR | France CNIL | France | consent | Unlawful collection and use of biometric data of French residents.Unlawful collection and use of biometric data of French residents. Articles: Art. 6, Art. 9 |
| 2023-05-10 | Clearview AI | €5.2M | GDPR | French Data Protection Authority (CNIL) | France | Unknown | --Articles: Unknown |
| 2024-12-01 | Telegram | €5.1M | GDPR | France CNIL | France | consent | Multiple GDPR violations including failure to appoint representative.Multiple GDPR violations including failure to appoint representative. Articles: Art. 5, Art. 27 |
| 2024-12-01 | Telegram | €5.1M | GDPR | France CNIL | France | consent | Multiple GDPR violations including failure to appoint EU representative.Multiple GDPR violations including failure to appoint EU representative. Articles: Art. 5, Art. 27 |
| 2022-10-19 | Interserve Group Limited | €5.0M | GDPR | Information Commissioner (ICO) | United Kingdom | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2020-03-11 | €5.0M | GDPR | Data Protection Authority of Sweden | Sweden | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 17 GDPR | |
| 2020-12-11 | Banco Bilbao Vizcaya Argentaria, S.A. | €5.0M | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 GDPR, Art. 13 GDPR |
| 2025-01-01 | Replika (Luka Inc.) | €5.0M | GDPR | Italy Garante | Italy | consent | AI chatbot GDPR violations.AI chatbot GDPR violations. Articles: Art. 5, Art. 6 |
| 2023-06-13 | Spotify | €5.0M | GDPR | Sweden IMY | Sweden | consent | Failed to properly fulfill data access requests.Failed to properly fulfill data access requests. Articles: Art. 15 |
| 2025-03-01 | Replika (Luka Inc.) | €5.0M | GDPR | Italy Garante | Italy | consent | AI chatbot GDPR violations.AI chatbot GDPR violations. Articles: Art. 5, Art. 6 |
| 2023-06-13 | Spotify | €5.0M | GDPR | Sweden IMY | Sweden | consent | Failed to properly fulfill data access requests under right of access.Failed to properly fulfill data access requests under right of access. Articles: Art. 15 |
| -- | Edison Energia S.p.A. | €4.9M | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 5 (2) GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 12 (1), (2), (3) GDPR, Art. 21 (2) GDPR, Art. 24 (1), (2) GDPR, Art. 25 (1) GDPR |
| 2022-11-02 | Portuguese National Statistical Institute | €4.3M | GDPR | Portuguese Data Protection Authority (CNPD) | Portugal | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 9 (1) GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 28 (1), (6), (7) GDPR, Art. 35 (1), (2), (3) b) GDPR, Art. 44 GDPR, Art. 46 (2) GDPR |
| 2022-02-01 | Vodafone Espana, S.A.U. | €3.9M | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR |
| 2022-04-07 | Dutch Tax and Customs Administration | €3.7M | GDPR | Dutch Supervisory Authority for Data Protection (AP) | Netherlands | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), b), d), e) GDPR, Art. 6 (1) GDPR, Art. 32 (1) GDPR, Art. 35 (2) GDPR |
| 2021-09-16 | Sky Italia S.r.l. | €3.3M | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1), (2) GDPR, Art. 6 (1) GDPR, Art. 7 GDPR, Art. 12 (2) GDPR, Art. 14 GDPR, Art. 21 GDPR, Art. 28 GDPR, Art. 29 GDPR |