Since its inception in 2018, enforcement of the General Data Protection Regulation (GDPR) has resulted in significant fines for violators. As of April 2024, a total of 2,083 fines have been issued, amounting to €4.5 billion ($4.9 billion). This indicates a robust effort by European regulators to protect the privacy of its citizens.
Data compiled by Finbold on the financial impact of GDPR fines in early 2024 highlights that from January 1 to April 30, 2024, violators have paid €137 million ($149 million) in fines. This translates to an average daily fine of €1.1 million ($1.2 million) for the first 120 days of the year, with 76 fines issued during this period. Spain has been particularly active, accounting for 30 of these penalties.
Notable GDPR Fines in 2024
While fines in 2024 did not surpass the record set by Ireland in 2023, when Meta Platforms was fined €1.2 billion ($1.3 billion), several significant fines were issued. The top five 2024 fines are detailed below:
△ Enel Energia: In February, this Italian energy company was fined €79 million ($86 million) for illegally obtaining private data for telemarketing purposes. △ Amazon France Logistique: France fined this subsidiary €32 million ($34.7 million) for using an intrusive surveillance system on employees. △ Avast Software: The Czech Republic fined Avast €14 million ($15 million) for sharing user data with Jumpshot for marketing purposes. △ Hellenic Post: Greece fined the state-owned postal service €3 million ($3.2 million) for failing to prevent a data leak to the dark web. △ UniCredit Bank: This Italian bank was fined €2.8 million ($3 million) for inadequate data security measures that led to a cyberattack.
Analysis of Enforcement Trends
The fines in early 2024 illustrate the ongoing challenges in data privacy enforcement. Many significant penalties relate to breaches that occurred years ago. For example, UniCredit Bank's data breach occurred in 2018, and Avast's data transfer occurred in 2019. Amazon's monitoring issues date back to 2020, during the COVID-19 pandemic, when temporary workers were particularly affected.
Backlog of data breach cases
The backlog of cases, which will result in penalties in 2024, highlights a systemic problem with GDPR enforcement. While GDPR aims to streamline and expedite data protection enforcement, the delays in addressing breaches point to flaws in the system. These delays not only impact the timely resolution of breaches, but also raise concerns about the effectiveness of GDPR in deterring future breaches.
Conclusion.
The enforcement actions in 2024 underscore the European Union's commitment to data privacy and security. However, the significant time lag between the occurrence of breaches and the imposition of fines suggests that the regulatory process needs improvement. Streamlining enforcement mechanisms could increase the effectiveness of the GDPR, ensuring faster resolutions and more immediate deterrence of data breaches.
Source: Finbold.
