Fewer fines for GDPR violations in the EU in 2022

The latest data analyzed by IT security service provider Atlas VPN shows that EU companies have paid a total of €2.83 billion in 1401 cases for breaches of various data protection laws by December 2022. Of these, GDPR fines total €832 million in 2022. This is 36 % less than the 1.3 billion euros that had to be paid as a result of GDPR violations in 2021. The data for the analysis comes from Enforcementtracker, it should be noted that not all cases have been made public.

Meta must repeatedly pay hundreds of millions in fines

However, the past year is not characterized by the total amount of fines, but by the severity of the penalties imposed on a single company - namely Meta. The highest amount levied for violations was recorded in the third quarter of 2021, but the third quarter of 2022 was also significant, as companies were fined 430 million euros.

Significantly, the majority of the fines in 2022 were paid by a single tech giant - Meta. The Data Protection Commission (DPC), a GDPR enforcement authority in Ireland, fined Meta Platforms Ireland Limited (Instagram) €405 million on September 5, 2022. In this case, two problems were identified in the processing of personal data of children using Instagram. The children's email addresses and phone numbers were publicly available when they used the Instagram business account feature, and the children's Instagram profiles were public by default.

Another hefty fine of 265 million euros was imposed on the same company on November 25, 2022, when the data protection authority declared that Meta had violated two articles of EU data protection laws after data from Facebook users from all over the world was tapped from public profiles in 2018 and 2019. In addition, the Data Protection Commissioner issued a "reprimand and an order" requiring Meta to "bring its processing operations into compliance by implementing a set of specified remedies within a specified period", according to the statement. Meta complied with this request and made the adjustments within the specified timeframe. To date, Meta has paid around 1 billion euros for GDPR violations.

Protection against GDPR breaches a "daunting task"

The GDPR has been in force since May 25, 2018 and has an impact on many companies operating in the EU. As it is an extraterritorial regulation, the GDPR also applies to companies outside the EU, including those in Switzerland. The legislation aims in particular to protect the rights of data subjects and not to regulate companies. A "data subject" is any EU citizen.

The scope and complexity of the General Data Protection Regulation is keeping the compliance departments of many companies busy, making it a rather daunting task, as Atlas VPN states. Nevertheless, it is necessary, he says, because as the world becomes increasingly interconnected, it also becomes more and more difficult to remain anonymous, which is one of the most basic rights that everyone should be able to enjoy, even if it means that companies have to change their approach to data collection and processing and pay fines.

The introduction of the new data protection law is also planned for this year in Switzerland.

Source: Atlas VPN

This article originally appeared on m-q.ch - https://www.m-q.ch/de/weniger-bussen-wegen-dsgvo-verstoessen-in-der-eu-in-2022/