European data agencies reportedly issued $193 million in fines for GDPR violations in 2020
KENZO TRIBOUILLARD/AFP via Getty Images
- European data agencies issues $193 million (€159 million) in fines in 2020 for violations of the General Data Protection Regulation.
- This accounts for around 40% of the total fined since the introduction of GDPR regulations, according to a report by DLA Piper cited in The Financial Times.
- The highest penalty imposed was a $57 million fine the French authorities issued to Google.
- Visit Business Insider's homepage for more stories.
European data agencies imposed $193 million (€159 million) in fines in the last year, according to research by DLA Piper, first reported by the Financial Times.
This accounts for around 40% of all sanctions given out since the General Data Protection Regulation laws came into effect in May 2018.
Over the course of those two years, European data control authorities have imposed $331 million (€272 million) in penalties, half of which was imposed by Italian and German authorities.
The highest penalty imposed was a $57 million fine the French authorities issued to Google. Twitter became the first US firm to be fined under the law with a sanction of $546,000 in December.
Fines have only skyrocketed since the law was passed, and the number of reported breaches of GDPR laws has also increased.
Global vice-president of the Data Protection and Security Group of DLA Piper, Ewa Kurowska-Tober, explained in the report that the regulators have been "testing the limits of their powers this year, issuing fines for a wide variety of infringements of Europe's tough data protection laws."
"[They] certainly haven't had things all their own way - there have been notable successful appeals and large reductions in proposed fines," Kurowska-Tober said.
Ross McKean, the president of DLA Piper's data protection and security group for the United Kingdom, said a "degree of leniency" has been afforded to companies over the course of the pandemic to account for the financial hardships.
British data protection authorities reduced an original fine of $230 million imposed on British Airways to just $26 million.
McKean suggested that in the coming months, Britain could see its control bodies enforce further sanctions after the European Court of Justice suspended data transfers with the US in a landmark ruling that prompted action from Facebook.
Estelle Massé, a senior policy analyst at Access Now, told the Financial Times that data protection agencies should, alongside fines, "use all other punitive sanctions available under the GDPR, such as the possibility to suspend data transfers or to request data acquired unlawfully to be deleted."
Massé had previously told Forbes that the GDPR law would be "as useful as a chocolate teapot" if it were not enforced.