The GDPR fine was sparked by a round of media reports in early 2021 documenting how the personal data of over 530 million Facebook users was left open to data scraping for an extended period thanks to faults in certain tools.
Underage Instagram users were opting to ignore privacy settings and work around them by opening business accounts, leading to a GDPR fine of €405 Million by the Irish DPC.
At a proposed value of £183 million, British Airways is facing the highest record of GDPR fines, Britain's DPA is making it clear that companies should protect customers’ data or be ready to pay.
Mayor's office of Lisbon has been handed a $1.4 million fine by the country's data protection commission for providing the personal data of activists and organizers to foreign diplomats, including Russia’s foreign ministry.
Twitter will pay a GDPR fine of €450,000 (about $546,000) in the first EU cross-border enforcement action brought against a tech giant.
Both breach notifications and GDPR fines have increased in the past year, however, survey has shown a striking disparity in the number of data breaches reported among EU member nations.
A German court has slashed a GDPR fine assessed to one of the country's largest telecommunications service providers by over 90%, calling it "unreasonably high."
H&M earned the GDPR fine by creating highly inappropriate profiles of employees gleaned from one-on-one conversations which was revealed in a 2019 data leak.
The large amount of the Booking.com fine is a point of contention as it stretches to the limit of what the GDPR allows for a data breach notification incident that involved relatively little sensitive personal information.
Proposed fruits of the Irish DPC's three-year investigation into Facebook's consent and transparency violations are GDPR fines that would amount to a maximum of about $36 million to $42 million, or what the company makes roughly every two hours.