Fewer fines for GDPR violations in the EU in 2022
In 2022, EU companies had to pay a total of over €830 million in fines for GDPR violations. This is less than in the previous year. Meta turns out to be the biggest "sinner" against data protection regulations.
The latest data analyzed by IT security service provider Atlas VPN shows that EU companies have paid a total of €2.83 billion in 1401 cases for breaches of various data protection laws by December 2022. Of these, GDPR fines total €832 million in 2022. This is 36% less than the €1.3 billion that had to be paid as a result of GDPR violations in 2021. The data for the analysis comes from Enforcementtracker; it should be noted that not all cases have been made public.
Meta must repeatedly pay hundreds of millions in fines
However, the past year stands out not for the total amount of fines, but for the severity of the penalties imposed on a single company - namely Meta. The highest amount levied for violations was recorded in the third quarter of 2021, but the third quarter of 2022 was also significant, as companies were fined 430 million euros.
Significantly, the bulk of the fines in 2022 were paid by a single tech giant - Meta. The Data Protection Commission (DPC), a GDPR enforcement agency in Ireland, fined Meta Platforms Ireland Limited (Instagram) €405 million on September 5, 2022. In this case, two problems were found in the processing of personal data of children using Instagram. The children's email addresses and phone numbers were publicly available when they used Instagram's business account feature, and the children's Instagram profiles were public by default.
The same company was slapped with another hefty fine of €265 million on Nov. 25, 2022, when the data protection authority said Meta had violated two articles of EU data protection laws after data of Facebook users from around the world was grabbed from public profiles in 2018 and 2019. In addition, the DPA issued a "reprimand and an order" compelling Meta to "bring its processing into compliance by implementing a set of specified remedial measures within a certain period of time," according to the statement. Meta complied with that request and made the adjustments within the specified timeframe. To date, Meta has paid around €1 billion for GDPR violations.
Protecting against GDPR breaches a "daunting task"
The GDPR has been in force since May 25, 2018 and has an impact on many companies operating in the EU. As it is extraterritorial, the GDPR also applies to companies outside the EU, including those in Switzerland. In particular, the legislation aims to protect the rights of data subjects, not to regulate businesses. A "data subject" is any EU citizen.
The scope and complexity of the General Data Protection Regulation keep the compliance departments of many companies busy, making compliance a rather daunting task, as Atlas VPN states. Nevertheless, it is necessary, the company says: as the world becomes increasingly interconnected, it becomes more and more difficult to remain anonymous, which is one of the most basic rights that everyone should be able to enjoy, even if it means that companies have to change their approach to data collection and processing and pay fines.
The introduction of the new data protection law is also planned for this year in Switzerland.
Source: Atlas VPN