Search Privacy Fines

Browse and filter privacy enforcement fines worldwide.

← Back to Overview

Regulation

Country

Year

Min Fine (USD)

Sort

2,028 fines found

Total: $8.1B

Date	Company	Fine	Regulation	Authority	Country	Type	Summary
2023-05-04	B2 Kapital d.o.o.	€2.3M	GDPR	Croatian Data Protection Authority (AZOP)	Croatia	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 (1) GDPR, Art. 13 (1) GDPR, Art. 28 (3) GDPR, Art. 32 (1) b), d) GDPR, Art. 32 (2) GDPR
2020-11-18	Carrefour France	€2.3M	GDPR	French Data Protection Authority (CNIL)	France	Multiple	-- Articles: Art. 5 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 15 GDPR, Art. 17 GDPR, Art. 21 GDPR, Art. 32 GDPR, Art. 33 GDPR
2024-05-15	Airbnb Ireland	€2.1M	GDPR	Ireland DPC	Ireland	consent	Excessive collection and processing of ID document data. Excessive collection and processing of ID document data. Articles: Art. 6
2022-10-06	Alpha Exploration	€2.0M	GDPR	Italian Data Protection Authority (Garante)	Italy	Failure to comply with data processing principles	-- Articles: Art. 5 (1) a), e), f) GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 12 (1) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 27 (4) GDPR, Art. 28 GDPR, Art. 32 GDPR, Art. 35 GDPR
2022-02-11	Amazon Road Transport Spain S.L.	€2.0M	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 6 (1) GDPR, Art. 10 GDPR, Art. 10 LOPDGDD
2021-08-02	Unser O-Bonus Club GmbH	€2.0M	GDPR	Austrian Data Protection Authority (DSB)	Austria	Failure to comply with data processing principles	-- Articles: Art. 6 GDPR, Art. 7 GDPR, Art. 12 GDPR
2022-03-03	BREBAU GmbH	€1.9M	GDPR	Data Protection Authority of Bremen	Germany	Failure to comply with data processing principles	-- Articles: Art. 5 (1) GDPR, Art. 6 (1) GDPR, Art. 9 GDPR
2021-07-20	SGAM AG2R LA MONDIALE	€1.8M	GDPR	French Data Protection Authority (CNIL)	France	Failure to comply with data processing principles	-- Articles: Art. 5 (1) e) GDPR, Art. 13 GDPR, Art .14 GDPR
2021-06-21	Storstockholms Lokaltrafik	€1.6M	GDPR	Data Protection Authority of Sweden	Sweden	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) f) GDPR, Art. 13 GDPR
2022-10-04	Easylife Ltd.	€1.5M	GDPR	Information Commissioner (ICO)	United Kingdom	Failure to comply with data processing principles	-- Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 13 (1) c) GDPR, Regulation 21 PECR
2022-04-15	DEDALUS BIOLOGIE	€1.5M	GDPR	French Data Protection Authority (CNIL)	France	Non-compliance with subjects' rights protection safeguards	-- Articles: Art. 28 GDPR, Art. 29 GDPR, Art. 32 GDPR
2020-12-03	Aleris Sjukvård AB	€1.5M	GDPR	Data Protection Authority of Sweden	Sweden	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR
2020-11-13	Ticketmaster UK Limited	€1.4M	GDPR	Information Commissioner (ICO)	United Kingdom	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR
2022-10-20	Douglas Italia S.p.a.	€1.4M	GDPR	Italian Data Protection Authority (Garante)	Italy	Failure to comply with data processing principles	-- Articles: Art. 5 (1) b), e) GDPR, Art. 5 (2) GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 12 (1) GDPR, Art. 13 (2) a) GDPR, Art. 24 GDPR, Art. 25 (1) GDPR
2023-02-01	GoodRx	$1.5M	Health Breach Notification Rule	FTC	United States	consent	First FTC enforcement under Health Breach Notification Rule. Shared health data ... First FTC enforcement under Health Breach Notification Rule. Shared health data with advertisers.
2022-04-05	Danske Bank	€1.3M	GDPR	Danish Data Protection Authority (Datatilsynet)	Denmark	Failure to comply with data processing principles	-- Articles: Art. 5 (2) GDPR
2021-12-21	Lisbon City Council	€1.3M	GDPR	Portuguese Data Protection Authority (CNPD)	Portugal	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) a), c), e) GDPR, Art. 6 GDPR, Art. 9 (1) a) GDPR, Art. 13 (1), (2) GDPR, Art. 35 (3) GDPR
2020-06-30	Allgemeine Ortskrankenkasse	€1.2M	GDPR	Data Protection Authority of Baden-Wuerttemberg	Germany	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 32 GDPR
2021-06-07	MedHelp AB	€1.2M	GDPR	Data Protection Authority of Sweden	Sweden	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 5 (1) a), f) GDPR, Art. 6 GDPR, Art. 9 (1) GDPR, Art. 13 GDPR, Art. 32 GDPR
2020-12-03	Aleris Sjukvård AB	€1.2M	GDPR	Data Protection Authority of Sweden	Sweden	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR
2022-07-26	Volkswagen	€1.1M	GDPR	Data Protection Authority of Saxony	Germany	nsufficient fulfilment of information obligations	-- Articles: Art. 13 GDPR, Art. 28 GDPR, Art. 30 GDPR, Art. 35 GDPR
2022-06-23	TotalEnergies Electricite et Gaz France	€1.0M	GDPR	French Data Protection Authority (CNIL)	France	Non-compliance with subjects' rights protection safeguards	-- Articles: Art. 14 GDPR, Art. 15 GDPR, Art. 21 GDPR
2022-01-19	Fortum Marketing and Sales Polska S.A.	€1.0M	GDPR	Polish National Personal Data Protection Office (UODO)	Poland	Failure to comply with data processing principles	-- Articles: Art. 5 (1) f) GDPR, Art 24 (1) GDPR, Art. 25 (1) GDPR, Art. 28 (1) GDPR, Art. 32 (1), (2) GDPR
2022-11-24	Areti spa	€1.0M	GDPR	Italian Data Protection Authority (Garante)	Italy	Failure to comply with data processing principles	-- Articles: Art. 5 (1) d), e) GDPR, Art. 5 (2) GDPR, Art. 12 GDPR, Art. 15 GDPR, Art. 24 GDPR
2021-11-12	WS WiSpear Systems Ltd	€925K	GDPR	Cypriot Data Protection Commissioner	Cyprus	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) a) GDPR

PreviousPage 6 of 82Next