GDPR Fines Haven’t Rocked the Data Privacy World—Yet 

When it launched, Europe’s General Data Protection Regulation (GDPR) became bigger than Beyoncé. Since then, some of the hype around the law has waned, but there’s still one thing that gets people excited: fines.

Under the law, data-protection regulators across Europe have boosted powers to punish companies and organizations who are found in breach of the GDPR. The most serious consequences can be fines of up to €20 million ($22.4 million) or 4 percent of a firm’s global turnover, whichever is greater. These are larger than the £500,000 ($650,000) penalties that could be issued by the UK’s regulator, the Information Commissioner’s Office, under the old data-protection rules.

Before the GDPR was enforced there were outlandish predictions that businesses would be hit with huge fines for data-protection issues. Some estimates claimed GDPR fines would be 79 times higher than those under previous rules; others said banks would be hit with fines of up to €4.7 billion ($5.3 billion) in the coming years.

Unsurprisingly there hasn’t been a deluge of fines running into millions or billions of euros, but the EU’s 28 data-protection regulators are slowly beginning to flex their enforcement muscles—including against big tech companies.

After the first year of the GDPR, the European Data Protection Board reported (PDF) that nations had examined 206,326 cases under the law. Helen Dixon, the Irish data-protection regulator who has jurisdiction over US tech companies because of their European headquarters in Ireland, has investigations open into at least 17 multinational firms. These include Facebook and its subsidiaries WhatsApp and Instagram, plus Google and Twitter.

see here
see here now
see it here
see page
see post
see this
see this here
see this page
see this site
see this website
she said
site web
sneak a peek at these guys
sneak a peek at this site
sneak a peek at this web-site
sneak a peek at this web-site.
sneak a peek at this website
sneak a peek here
sources tell me
speaking of
special info
straight from the source
such a good point
super fast reply
take a look at the site here
talking to
talks about it
that guy
the advantage
the full details
the full report
the original source
their explanation
their website
these details
they said
this article
this contact form
this content
this guy
this hyperlink
this link
this page
this post
this site
this website
top article
total stranger
try here
try these guys
try these guys out
try these out
try this
try this out
try this site
try this web-site
try this website
try what he says
try what she says
updated blog post
use this link
view it
view it now
view publisher site
view siteÂ…
view website

Regulators have already moved against big tech companies and others who have failed to properly protect consumer data. Here’s what we know about the GDPR fines that have been issued around Europe so far and why they’ve been handed out.

Google’s Pre-Checked Boxes

On the day the GDPR came into force across Europe (May 25, 2018), the French data-protection regulator received a complaint about Google. Three days later another arrived at the door of the National Data Protection Commission (CNIL), and at the start of 2019, CNIL hit Google with a €50 million ($56 million) fine.

CNIL said the penalty was for a “lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.” In a summary of its decision, CNIL broke the fine down into two areas: not providing enough information about how Google uses information provided to it from across 20 different services and not correctly gaining consent for processing user data.

The regulator’s full decision (PDF) says that when users set up a Google account, there was only one option of accepting all processing of personal data, not a breakdown of all the types of information that would be handled. It also added there were pre-checked boxes within Google’s options, which are not allowed under the GDPR.

CNIL said: “The infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services and almost unlimited possible combinations.”

Bulgaria’s DSK Bank Leak

Bulgarian financial group DSK Bank was hit with a fine of 1 million levs ($570,000) by the country’s Commission for Personal Data Protection at the end of August 2019, after names, addresses, copies of ID cards, and bank account numbers of more than 30,000 people were disclosed accidentally.

Information about 23,000 loans was also disclosed, with the country’s data-protection regulator saying there were details on “an unlimited number of related third parties'” within the disclosure. Few details about how the data breach happened have been revealed, but a report from Reuters said the bank had previously been contacted by a “Bulgarian former convict” who had a database of customer data.

Leave a Reply

Your email address will not be published.