The Irish DPC has taken some heat for perceived softness in issuing GDPR fines to Big Tech. A $267 million fine issued to WhatsApp is the first substantial amount that the Irish regulator has assessed, but it comes amidst accusations and criticism.
The Luxembourg CNPD has issued Amazon the largest GDPR fine to date, hitting the online shopping giant with a penalty of €746 million (about $887 million) over its targeted advertising practices.
The $425 million GDPR fine has been proposed by Luxembourg’s data protection commission, which has submitted a draft decision to the data protection authorities of the other EU member states.
The large amount of the Booking.com fine is a point of contention as it stretches to the limit of what the GDPR allows for a data breach notification incident that involved relatively little sensitive personal information.
Twitter will pay a GDPR fine of €450,000 (about $546,000) in the first EU cross-border enforcement action brought against a tech giant.
A German court has slashed a GDPR fine assessed to one of the country's largest telecommunications service providers by over 90%, calling it "unreasonably high."
The 2018 Marriott data breach was one of the biggest of its type in history, and was initially looking at receiving one of the biggest fines of £99 million. However, the UK ICO has reduced the penalty to £18.4 million.
One of the largest GDPR fines to date, the UK ICO's decision found that the travel giant was negligent due to ‘poor security arrangements’ creating a hole that was exploited for two months.
H&M earned the GDPR fine by creating highly inappropriate profiles of employees gleaned from one-on-one conversations which was revealed in a 2019 data leak.
Both breach notifications and GDPR fines have increased in the past year, however, survey has shown a striking disparity in the number of data breaches reported among EU member nations.