Privacy fines recently imposed by government authorities, including GDPR fines and fines issued under other privacy laws:
13/Jan/2021: Spain, EUR 6,000,000 for Caixabank S.A. (Spanish Data Protection Agency)  |
27/Oct/2020: United Kingdom, GBP 250,000 for Reliance Advisory Limited (Information Commissioner's Office)  |
13/Oct/2020: Norway, EUR 276,000 for Bergen Municipality (Norwegian Data Protection Authority)  |
01/Oct/2020: Germany, EUR 35,258,707 for H&M Hennes & Mauritz Online Shop A.B. & Co. KG. ()  |
13/Jul/2020: Italy, EUR 16,700,000 for Wind Tre S.p.A. (Italian Data Protection Authority)  |
30/Apr/2020: Netherlands, EUR 725,000 for Unnamed company (Dutch Data Protection Authority)  |
| 27/Mar/2020: United Kingdom, GBP 171,000 for Black Lion Marketing Ltd (Information Commissioner's Office) |
25/Mar/2020: Romania, EUR 3,000 for Dante International SA (Romanian National Supervisory Authority)  |
| 25/Mar/2020: Spain, EUR 5,000 for Xfera Moviles S.A. (Spanish Data Protection Agency) |
| 12/Mar/2020: Spain, EUR 30,000 for Telefónica Móviles España, S.A.U. (Spanish Data Protection Agency) |
10/Mar/2020: Denmark, DKK 100,000 for Gladsaxe Municipality (Danish Data Protection Agency)  |
10/Mar/2020: Sweden, SEK 75,000,000 for Google LLC (Swedish Data Protection Authority)  |
| 10/Mar/2020: Denmark, DKK 50,000 for Hørsholm Municipality (Danish Data Protection Agency) |
09/Mar/2020: Poland, PLN 20,000 for Vis Consulting Sp. z o.o. (Polish Personal Data Protection Office)  |
05/Mar/2020: Iceland, ISK 3,000,000 for National Center of Addiction Medicine (Icelandic Data Protection Authority)  |
Our index records a grand total of USD$ 5,614,278,875 in privacy fines worldwide, as of today.
***
Latest GDPR fines
Our most recently recorded GDPR fines, excluding fines issued under local legislation or outside the EU:
Caixabank S.A. fined EUR 6 million
Bergen Municipality fined EUR 276k
Wind Tre S.p.A. fined EUR 16.7 mil
Alternatively, see all GDPR fines to date.
***
Privacy fines under other legislation
We collate fines imposed under HIPAA, DPA1998, COPPA98 and cases where a general local law is applied, or where the law supporting the fine is not specified by the regulator.
***
Highest fines, all jurisdictions
Our 10 largest fines, as recorded, for all jurisdictions and ordered by greatest value in US dollars:
24/Jul/2019: United States, USD 5,000,000,000 for Facebook Inc (Federal Trade Commission)  |
| 04/Sep/2019: United States, USD 170,000,000 for Google LLC, YouTube LLC (Federal Trade Commission) |
| 09/Jul/2019: United Kingdom, GBP 99,200,396 for Marriott International Inc. (Information Commissioner's Office) |
21/Jan/2019: France, EUR 50,000,000 for Google Inc (French Data Protection Authority)  |
| 01/Oct/2020: Germany, EUR 35,258,707 for H&M Hennes & Mauritz Online Shop A.B. & Co. KG. () |
| 25/Mar/2014: United States, USD 32,500,000 for Apple Inc (Federal Trade Commission) |
| 15/Jan/2020: Italy, EUR 27,802,946 for TIM SpA (Italian Data Protection Authority) |
| 08/Jul/2019: United Kingdom, GBP 20,000,000 for British Airways plc (Information Commissioner's Office) |
| 09/Aug/2012: United States, USD 22,250,000 for Google Inc (Federal Trade Commission) |
23/Oct/2019: Austria, EUR 18,000,000 for Austrian Post (Austrian Data Protection Authority)  |
Index methodology
Fines or enforcement action of less than $US 100,000 in value are not prioritized for inclusion in the index. Proposed fines, issued under a formal “notice of intention” but not yet finalized, are included in the fine totals and recorded as a fine until varied or withdrawn. For fines issued to an individual, the name of the individual is not reproduced in the index.
***
Help us
Help by sending us information on any fines not in our index. We are able to include an individual acknowledgement for you, on our fines entry page.
***