Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,014 fines found
Total: $6.2B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2022-01-27 | OTE Group | €3.2M | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to implement sufficient measures to ensure information | --Articles: Art. 32 GDPR |
| 2020-01-17 | Eni Gas e Luce | €3.0M | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | The Italian Data Protection Authority (Garante) imposed two fines of €11,5 milli...The Italian Data Protection Authority (Garante) imposed two fines of €11,5 million total on Eni Gas and Luce because of the unlawful processing of personal data during an advertising campaign as well as for the activation of unsolicited contracts. This second fine of €3 million was issued for the opening of unsolicited contracts for the provision of electricity and gas. A large number of individuals have reported that they have only learned of the new contracts after they received a termination letter from their old provider. Some complaints even reported false data as well as forged signatures. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2021-10-21 | Caixabank Payments & Consumer EFC, EP, S.A.U. | €3.0M | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 (1) GDPR |
| 2019-12-11 | Eni Gas e Luce | €3.0M | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-12-03 | Capio St. Goran AB | €2.9M | GDPR | Data Protection Authority of Sweden | Sweden | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR |
| 2021-05-13 | Iren Mercato S.p.A. | €2.9M | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1), (2) GDPR, Art. 6 (1) GDPR, Art. 7 (1) GDPR |
| 2021-11-25 | Dutch Minister of Finance | €2.8M | GDPR | Dutch Supervisory Authority for Data Protection (AP) | Netherlands | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 6 (1) e) GDPR, Art. 8 Wbp |
| 2019-08-28 | National Revenue Agency | €2.6M | GDPR | Data Protection Commission of Bulgaria (KZLD) | Bulgaria | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2019-08-28 | National Revenue Agency | €2.6M | GDPR | Data Protection Commission of Bulgaria (KZLD) | Bulgaria | Failure to implement sufficient measures to ensure information security | Because of the inappropriate handling of personal data, more than 6 million indi...Because of the inappropriate handling of personal data, more than 6 million individuals had their data hacked. This informational leak was a direct cause of the company’s security laxity. Articles: Art. 32 GDPR |
| 2021-06-10 | Foodinho s.r.l. | €2.6M | GDPR | Italian Data Protection Authority (Garante) | Italy | Multiple types of violations | --Articles: Art. 5 (1) a), c), e) GDPR, Art. 13 GDPR, Art. 22 (3) GDPR, Art. 25 GDPR, Art. 30 (1) a), b), c), f), g) GDPR, Art. 32 GDPR, Art. 35 GDPR, Art. 37 (7) GDPR |
| 2021-07-26 | Mercadona S.A. | €2.5M | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 25 (1) GDPR, Art. 35 GDPR |
| 2021-07-22 | Deliveroo Italy s.r.l. | €2.5M | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) a), c), e) GDPR, Art. 13 GDPR, Art. 22 (3) GDPR, Art. 25 GDPR, Art. 30 (1) c), f), g) GDPR, Art. 32 GDPR, Art. 35 GDPR, Art. 37 (7) GDPR |
| 2023-05-04 | B2 Kapital d.o.o. | €2.3M | GDPR | Croatian Data Protection Authority (AZOP) | Croatia | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR, Art. 13 (1) GDPR, Art. 28 (3) GDPR, Art. 32 (1) b), d) GDPR, Art. 32 (2) GDPR |
| 2020-11-18 | Carrefour France | €2.3M | GDPR | French Data Protection Authority (CNIL) | France | Multiple | --Articles: Art. 5 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 15 GDPR, Art. 17 GDPR, Art. 21 GDPR, Art. 32 GDPR, Art. 33 GDPR |
| 2024-05-15 | Airbnb Ireland | €2.1M | GDPR | Ireland DPC | Ireland | consent | Excessive collection and processing of ID document data.Excessive collection and processing of ID document data. Articles: Art. 6 |
| 2021-08-02 | Unser O-Bonus Club GmbH | €2.0M | GDPR | Austrian Data Protection Authority (DSB) | Austria | Failure to comply with data processing principles | --Articles: Art. 6 GDPR, Art. 7 GDPR, Art. 12 GDPR |
| 2022-10-06 | Alpha Exploration | €2.0M | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), e), f) GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 12 (1) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 27 (4) GDPR, Art. 28 GDPR, Art. 32 GDPR, Art. 35 GDPR |
| 2022-02-11 | Amazon Road Transport Spain S.L. | €2.0M | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 (1) GDPR, Art. 10 GDPR, Art. 10 LOPDGDD |
| 2022-03-03 | BREBAU GmbH | €1.9M | GDPR | Data Protection Authority of Bremen | Germany | Failure to comply with data processing principles | --Articles: Art. 5 (1) GDPR, Art. 6 (1) GDPR, Art. 9 GDPR |
| 2021-07-20 | SGAM AG2R LA MONDIALE | €1.8M | GDPR | French Data Protection Authority (CNIL) | France | Failure to comply with data processing principles | --Articles: Art. 5 (1) e) GDPR, Art. 13 GDPR, Art .14 GDPR |
| 2021-06-21 | Storstockholms Lokaltrafik | €1.6M | GDPR | Data Protection Authority of Sweden | Sweden | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) f) GDPR, Art. 13 GDPR |
| 2022-10-04 | Easylife Ltd. | €1.5M | GDPR | Information Commissioner (ICO) | United Kingdom | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 13 (1) c) GDPR, Regulation 21 PECR |
| 2022-04-15 | DEDALUS BIOLOGIE | €1.5M | GDPR | French Data Protection Authority (CNIL) | France | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 28 GDPR, Art. 29 GDPR, Art. 32 GDPR |
| 2020-12-03 | Aleris Sjukvård AB | €1.5M | GDPR | Data Protection Authority of Sweden | Sweden | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR |
| 2020-11-13 | Ticketmaster UK Limited | €1.4M | GDPR | Information Commissioner (ICO) | United Kingdom | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |