Search Privacy Fines

Browse and filter privacy enforcement fines worldwide.

← Back to Overview

Regulation

Country

Year

Min Fine (USD)

Sort

2,014 fines found

Total: $6.2B

Date	Company	Fine	Regulation	Authority	Country	Type	Summary
2022-10-20	Douglas Italia S.p.a.	€1.4M	GDPR	Italian Data Protection Authority (Garante)	Italy	Failure to comply with data processing principles	-- Articles: Art. 5 (1) b), e) GDPR, Art. 5 (2) GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 12 (1) GDPR, Art. 13 (2) a) GDPR, Art. 24 GDPR, Art. 25 (1) GDPR
2023-02-01	GoodRx	$1.5M	Health Breach Notification Rule	FTC	United States	consent	First FTC enforcement under Health Breach Notification Rule. Shared health data ... First FTC enforcement under Health Breach Notification Rule. Shared health data with advertisers.
2022-04-05	Danske Bank	€1.3M	GDPR	Danish Data Protection Authority (Datatilsynet)	Denmark	Failure to comply with data processing principles	-- Articles: Art. 5 (2) GDPR
2021-12-21	Lisbon City Council	€1.3M	GDPR	Portuguese Data Protection Authority (CNPD)	Portugal	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) a), c), e) GDPR, Art. 6 GDPR, Art. 9 (1) a) GDPR, Art. 13 (1), (2) GDPR, Art. 35 (3) GDPR
2020-06-30	Allgemeine Ortskrankenkasse	€1.2M	GDPR	Data Protection Authority of Baden-Wuerttemberg	Germany	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 32 GDPR
2021-06-07	MedHelp AB	€1.2M	GDPR	Data Protection Authority of Sweden	Sweden	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 5 (1) a), f) GDPR, Art. 6 GDPR, Art. 9 (1) GDPR, Art. 13 GDPR, Art. 32 GDPR
2020-12-03	Aleris Sjukvård AB	€1.2M	GDPR	Data Protection Authority of Sweden	Sweden	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR
2022-07-26	Volkswagen	€1.1M	GDPR	Data Protection Authority of Saxony	Germany	nsufficient fulfilment of information obligations	-- Articles: Art. 13 GDPR, Art. 28 GDPR, Art. 30 GDPR, Art. 35 GDPR
2022-06-23	TotalEnergies Electricite et Gaz France	€1.0M	GDPR	French Data Protection Authority (CNIL)	France	Non-compliance with subjects' rights protection safeguards	-- Articles: Art. 14 GDPR, Art. 15 GDPR, Art. 21 GDPR
2022-11-24	Areti spa	€1.0M	GDPR	Italian Data Protection Authority (Garante)	Italy	Failure to comply with data processing principles	-- Articles: Art. 5 (1) d), e) GDPR, Art. 5 (2) GDPR, Art. 12 GDPR, Art. 15 GDPR, Art. 24 GDPR
2022-01-19	Fortum Marketing and Sales Polska S.A.	€1.0M	GDPR	Polish National Personal Data Protection Office (UODO)	Poland	Failure to comply with data processing principles	-- Articles: Art. 5 (1) f) GDPR, Art 24 (1) GDPR, Art. 25 (1) GDPR, Art. 28 (1) GDPR, Art. 32 (1), (2) GDPR
2021-11-12	WS WiSpear Systems Ltd	€925K	GDPR	Cypriot Data Protection Commissioner	Cyprus	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) a) GDPR
2023-02-06	Sats ASA	€900K	GDPR	Norwegian Supervisory Authority (Datatilsynet)	Norway	Failure to comply with data processing principles	-- Articles: Art. 5 (1) a), e) GDPR, Art. 6 (1) GDPR, Art. 12 (1), (3) GDPR, Art. 13 GDPR, Art. 15 GDPR, Art. 17 GDPR
2020-11-11	1&1 Telecom GmbH	€900K	GDPR	The Federal Commissioner for Data Protection and Freedom of Information (BfDI)	Germany	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 32 GDPR
2021-09-24	Vattenfal Europe Sales GmbH	€900K	GDPR	Data Protection Authority of Hamburg	Germany	Insufficient data processing agreement	-- Articles: Art. 12 GDPR, Art. 13 GDPR
2022-07-28	Hannoversche Volksbank	€900K	GDPR	Data Protection Authority of Saxony	Germany	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 (1) GDPR
2022-02-01	TELEFONICA MOVILES ESPANA, S.A.U.	€900K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) f) GDPR
2019-10-31	UWV - Insurance provider	€900K	GDPR	Dutch Supervisory Authority for Data Protection (AP)	Netherlands	Failure to implement sufficient measures to ensure information security	The Dutch employee insurance service provider – “Uitvoeringsinstituu... The Dutch employee insurance service provider – “Uitvoeringsinstituut Werknemersverzekeringen – UWV did not use multi-factor authentication for accessing the employer web portal. Health and safety services, as well as employers, were able to view and collect data from employees, data to which normally they should not have had access to. Articles: Art. 32 GDPR
2019-10-31	UWV - Insurance provider	€900K	GDPR	Dutch Supervisory Authority for Data Protection (AP)	Netherlands	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 32 GDPR
2020-07-06	Bureau Krediet Registration	€830K	GDPR	Dutch Supervisory Authority for Data Protection (AP)	Netherlands	Non-compliance with lawful basis for data processing	-- Articles: Art. 12 GDPR, Art. 15 GDPR
2020-11-18	Carrefour Banque	€800K	GDPR	French Data Protection Authority (CNIL)	France	Failure to comply with data processing principles	-- Articles: Art. 5 GDPR
2020-07-13	Iliad Italia S.p.A.	€800K	GDPR	Italian Data Protection Authority (Garante)	Italy	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 GDPR, Art. 25 GDPR
2022-11-10	Discord Inc.	€800K	GDPR	French Data Protection Authority (CNIL)	France	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 5 (1) e) GDPR, Art. 13 GDPR, Art. 25 (2) GDPR, Art. 32 GDPR, Art. 35 GDPR
2021-07-22	Roma Capitale	€800K	GDPR	Italian Data Protection Authority (Garante)	Italy	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 5 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 25 GDPR, Art. 28 GDPR, Art. 32 GDPR
2021-04-09	TikTok	€750K	GDPR	Dutch Supervisory Authority for Data Protection (AP)	Netherlands	Information obligation non-compliance	-- Articles: Art. 12 GDPR

PreviousPage 6 of 81Next