Privacy fines recently imposed by government authorities, including GDPR fines and fines issued under other privacy laws:
30/Apr/2020: Netherlands, EUR 725,000 for Unnamed company (Dutch Data Protection Authority)  |
27/Mar/2020: United Kingdom, GBP 171,000 for Black Lion Marketing Ltd (Information Commissioner's Office)  |
25/Mar/2020: Romania, EUR 3,000 for Dante International SA (Romanian National Supervisory Authority)  |
25/Mar/2020: Spain, EUR 5,000 for Xfera Moviles S.A. (Spanish Data Protection Agency)  |
| 12/Mar/2020: Spain, EUR 30,000 for Telefónica Móviles España, S.A.U. (Spanish Data Protection Agency) |
10/Mar/2020: Denmark, DKK 100,000 for Gladsaxe Municipality (Danish Data Protection Agency)  |
10/Mar/2020: Sweden, SEK 75,000,000 for Google LLC (Swedish Data Protection Authority)  |
| 10/Mar/2020: Denmark, DKK 50,000 for Hørsholm Municipality (Danish Data Protection Agency) |
09/Mar/2020: Poland, PLN 20,000 for Vis Consulting Sp. z o.o. (Polish Personal Data Protection Office)  |
05/Mar/2020: Iceland, ISK 3,000,000 for National Center of Addiction Medicine (Icelandic Data Protection Authority)  |
| 03/Mar/2020: Netherlands, EUR 525,000 for De Koninklijke Nederlandse Lawn Tennisbond (Dutch Data Protection Authority) |
02/Mar/2020: Singapore, SGD 5,000 for Management Corporation Strata Title Plan No. 3593 (Data Protection Commission Singapore)  |
| 28/Feb/2020: Spain, EUR 60,000 for Vodafone España, S.A.U. (Spanish Data Protection Agency) |
| 25/Feb/2020: Romania, EUR 3,000 for Enel Energie Muntenia SA (Romanian National Supervisory Authority) |
| 21/Feb/2020: Spain, EUR 120,000 for Vodafone España S.A.U. (Spanish Data Protection Agency) |
Our index records a grand total of USD$ 5,775,147,875 in privacy fines worldwide, as of today.
***
Latest GDPR fines
Our most recently recorded GDPR fines, excluding fines issued under local legislation or outside the EU:
EUR 725k GDPR fine for unnamed Dutch employer
Xfera Moviles S.A., telecoms firm, fined EUR 5k
Dante International SA fined EUR 3k
Telefónica Móviles España, S.A.U. fined EUR 30k
Alternatively, see all GDPR fines to date.
***
Privacy fines under other legislation
We collate fines imposed under HIPAA, DPA1998, COPPA98 and cases where a general local law is applied, or where the law supporting the fine is not specified by the regulator.
***
Highest fines, all jurisdictions
Our 10 largest fines, as recorded, for all jurisdictions and ordered by greatest value in US dollars:
24/Jul/2019: United States, USD 5,000,000,000 for Facebook Inc (Federal Trade Commission)  |
| 08/Jul/2019: United Kingdom, GBP 183,390,000 for British Airways plc (Information Commissioner's Office) |
| 04/Sep/2019: United States, USD 170,000,000 for Google LLC, YouTube LLC (Federal Trade Commission) |
| 09/Jul/2019: United Kingdom, GBP 99,200,396 for Marriott International Inc. (Information Commissioner's Office) |
21/Jan/2019: France, EUR 50,000,000 for Google Inc (French Data Protection Authority)  |
| 25/Mar/2014: United States, USD 32,500,000 for Apple Inc (Federal Trade Commission) |
15/Jan/2020: Italy, EUR 27,802,946 for TIM SpA (Italian Data Protection Authority)  |
| 09/Aug/2012: United States, USD 22,250,000 for Google Inc (Federal Trade Commission) |
23/Oct/2019: Austria, EUR 18,000,000 for Austrian Post (Austrian Data Protection Authority)  |
05/Nov/2019: Germany, EUR 14,500,000 for Deutsche Wohnen SE (Berlin Commissioner for Data Protection)  |
Index methodology
Fines or enforcement action of less than $US 5,000 in value are not prioritized for inclusion in the index. Proposed fines, issued under a formal “notice of intention” but not yet finalized, are included in the fine totals and recorded as a fine until varied or withdrawn. For fines issued to an individual, the name of the individual is not reproduced in the index.
***
Help us
Help by sending us information on any fines not in our index. We are able to include an individual acknowledgement for you, on our fines entry page.
***