Europe’s Privacy Watchdogs Levy $329 Million in ‘GDPR’ Fines

Europeandata-privacy watchdogs levied about 272.5 million euros ($329 million) in fines since they were armed with tougher powers almost three years ago, according to a report by law firm DLA Piper.

During the same period, people or companies reported more than 281,000 personal data breaches to regulators across the region, with almost 78,000 coming from Germany, DLA Piper said on Tuesday.

Regulators have “adopted extremely strict interpretations” of the European Union’s General Data Protection Regulator, or GDPR, “setting the scene for heated legal battles in the years ahead,” Ross McKean, DLA Piper’s U.K. data protection and security group chair, said in a statement.

GDPR took effect in May 2018, paving the way for fines of as much as 4% of annual sales if companies violate people’s data-protection rights. The biggest fine to date under the EU rules was a 50 million-euro penalty for Google by France’s watchdog CNIL.

Other fines since include a penalty of 450,000 euros for Twitter Inc. by the Irish data protection commission, which has been criticized over its slow pace as cases have been piling up since the GDPR rules took effect. A German watchdog last year slapped a Hennes & Mauritz AB unit with a 35.3 million-euro fine after managers trampled on the private lives of staff.

The report includes fines levied by the U.K.’s Information Commissioner’s Office before the expiry of the Brexit transition period, as well as those by non-EU Norway, Iceland and Liechtenstein.

Marriott International Inc. and British Airways were fined 18.4 million pounds ($25 million) and 20 million pounds respectively by the U.K.’s ICO, much lower than initially announced penalties.

DLA Piper predicts that legal fights over data transfers out of the now 27-nation bloc may be in store following a surprise ruling in July by the EU’s top court to topple the so-called Privacy Shield, an EU-approved trans-Atlantic transfer tool, over fears citizens’ data isn’t safe once shipped to the U.S.

To contact the reporter on this story:
Nimra Shahid in London at nshahid6@bloomberg.net

To contact the editors responsible for this story:
Sonali Pathirana at spathirana@bloomberg.net

Christopher Elser, Stephanie Bodoni

© 2021 Bloomberg L.P. All rights reserved. Used with permission.