The GDPR fine was sparked by a round of media reports in early 2021 documenting how the personal data of over 530 million Facebook users was left open to data scraping for an extended period thanks to faults in certain tools.
Underage Instagram users were opting to ignore privacy settings and work around them by opening business accounts, leading to a GDPR fine of €405 Million by the Irish DPC.
Spanish data protection authority AEPD called the two infringements that led to the GDPR fine "very serious." Both relate to Google's transfer of EU citizen data to the US.
Facebook’s new €17 million GDPR fine stems from a failure to demonstrate that adequate security measures were in place to prevent the data breaches in 2018.
Even seemingly innocuous “free” tools can cause data privacy problems, as a company out of Germany has found out. The company has been ordered to pay a small GDPR fine due to its use of Google Fonts.
Mayor's office of Lisbon has been handed a $1.4 million fine by the country's data protection commission for providing the personal data of activists and organizers to foreign diplomats, including Russia’s foreign ministry.
Proposed fruits of the Irish DPC's three-year investigation into Facebook's consent and transparency violations are GDPR fines that would amount to a maximum of about $36 million to $42 million, or what the company makes roughly every two hours.
The Irish DPC has taken some heat for perceived softness in issuing GDPR fines to Big Tech. A $267 million fine issued to WhatsApp is the first substantial amount that the Irish regulator has assessed, but it comes amidst accusations and criticism.
The Luxembourg CNPD has issued Amazon the largest GDPR fine to date, hitting the online shopping giant with a penalty of €746 million (about $887 million) over its targeted advertising practices.
The $425 million GDPR fine has been proposed by Luxembourg’s data protection commission, which has submitted a draft decision to the data protection authorities of the other EU member states.