Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2021-03-19 | Funeda Sp z o.o. | €5K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-cooperation with Data Protection Authority | --Articles: Art. 31 GDPR, Art. 58 (1) a), e) GDPR |
| 2018-12-12 | Bookmaker | €5K | GDPR | Austrian Data Protection Authority (DSB) | Austria | Information obligation non-compliance | --Articles: Art. 13 GDPR |
| 2018-12-12 | Bookmaker | €5K | GDPR | Austrian Data Protection Authority (DSB) | Austria | Information obligation non-compliance | The betting place used a system of video surveillance illegally because it filme...The betting place used a system of video surveillance illegally because it filmed the public space (the sidewalk). Private individuals are not allowed to do this on a large scale like in this case. Articles: Art. 13 GDPR |
| 2020-03-04 | School in Gdansk | €5K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR |
| 2020-03-04 | School in Gdansk | €5K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-compliance with lawful basis for data processing | Biometric fingerprint scanners were used in a school in Gdansk (Poland) to authe...Biometric fingerprint scanners were used in a school in Gdansk (Poland) to authenticate students into the school’s payment processing system. While the parents have given written consent to the processing of this kind of data, the Polish National Personal Data Protection Office (UODO) argued that the data processing was nevertheless unlawful, as the consent was obtained involuntarily. It was argued that the school required the consent, otherwise, it would not have been able to process student’s payments at all, meaning parents had no choice other than to “consent”. Articles: Art. 5 GDPR |
| 2020-03-09 | Vis Consulting Sp. Z o.o. | €4K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 31 GDPR, Art. 58 GDPR |
| 2019-08-02 | Public area maintenance company | €4K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 13 GDPR |
| 2022-04-29 | CLINICA DENTAL SAN FRANCISCO, S.L. | €4K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Information obligation non-compliance | --Articles: Art. 17 GDPR, Art. 21 LSSI |
| 2021-07-07 | Marbella Resorts S.L. | €4K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 28 (3) GDPR |
| 2020-03-25 | Vodafone Romania | €4K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | Vodafone Romania sent an e-mail containing personal data of a client to another ...Vodafone Romania sent an e-mail containing personal data of a client to another unrelated client, thus breaking privacy conventions. They had improper organizational and security measures in effect at that time. Articles: Art. 32 GDPR |
| 2020-03-25 | Vodafone Romania | €4K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| -- | Unknown | €4K | GDPR | Data Protection Authority of Liechtenstein | Liechtenstein | Unknown | --Articles: Unknown |
| 2022-09-01 | Liceo Statale “Edoardo Amaldi” | €4K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 2-ter Codice della privacy, Art. 2-sexies Codice della privacy, Art. 2-septies (8) Codice della privacy |
| 2021-06-02 | Avalos Consultores, S.L. | €4K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2020-11-23 | Vodafone România SA | €4K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 GDPR, Art. 15 GDPR, Art. 17 GDPR |
| 2021-07-27 | Private individual | €4K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) c), e) GDPR |
| 2020-10-28 | Play Orenes, S.L. | €4K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2020-02-13 | Comune di Urago | €4K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2021-10-05 | Club Deportivo Sansuena, SL | €4K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) e) GDPR, Art. 6 GDPR, Art. 32 (1) b), d) GDPR |
| 2023-03-15 | Partidul Uniunea Salvați România | €4K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 (1) a) GDPR, Art. 32 (2) GDPR |
| 2020-03-06 | Spanish Data Protection Authority (AEPD) | €4K | GDPR | Private person | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR |
| 2020-03-06 | Liceo Scientifico Nobel di Torre del Greco | €4K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-07-21 | Car dealership | €4K | GDPR | Croatian Data Protection Authority (AZOP) | Croatia | Non-compliance with general data processing principles | --Articles: Art. 27 (1) |
| 2021-02-25 | Ministero dell’Istruzione, Ufficio Scolastico Regionale per il Lazio | €4K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 9 GDPR |
| 2021-09-16 | Frigorifica Botana S.L. | €4K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |