The GDPR fine was sparked by a round of media reports in early 2021 documenting how the personal data of over 530 million Facebook users was left open to data scraping for an extended period thanks to faults in certain tools.
With a major GDPR fine of $123 million on Marriott following an even bigger $230 million fine on British Airways, businesses worldwide are now on notice to have adequate security safeguards in place to protect user data.
The large amount of the Booking.com fine is a point of contention as it stretches to the limit of what the GDPR allows for a data breach notification incident that involved relatively little sensitive personal information.
The 2018 Marriott data breach was one of the biggest of its type in history, and was initially looking at receiving one of the biggest fines of £99 million. However, the UK ICO has reduced the penalty to £18.4 million.
The Irish DPC has taken some heat for perceived softness in issuing GDPR fines to Big Tech. A $267 million fine issued to WhatsApp is the first substantial amount that the Irish regulator has assessed, but it comes amidst accusations and criticism.
The $425 million GDPR fine has been proposed by Luxembourg’s data protection commission, which has submitted a draft decision to the data protection authorities of the other EU member states.
A German court has slashed a GDPR fine assessed to one of the country's largest telecommunications service providers by over 90%, calling it "unreasonably high."
Mayor's office of Lisbon has been handed a $1.4 million fine by the country's data protection commission for providing the personal data of activists and organizers to foreign diplomats, including Russia’s foreign ministry.
At a proposed value of £183 million, British Airways is facing the highest record of GDPR fines, Britain's DPA is making it clear that companies should protect customers’ data or be ready to pay.
One of the largest GDPR fines to date, the UK ICO's decision found that the travel giant was negligent due to ‘poor security arrangements’ creating a hole that was exploited for two months.