Data protection authorities in Europe are gaining confidence and competence, which is reflected in the statistics of penalties for violators. This year, Ireland imposed a record fine on Facebook, and for GDPR violations, businesses and government agencies have been fined a total of four billion euros, pointed out Krete Paal, the CEO of GDPR Register.
This year, businesses and government institutions have been fined 4.4 billion euros for GDPR violations. Penalties are most often imposed in sectors such as commerce, media and telecommunications, financial services, healthcare, and the public sector.
The fine imposed on Amazon in 2021 of 746 million euros was surpassed, and the top of the fine leaderboard is now occupied by Facebook’s parent company, Meta, with a decision of 1.2 billion euros. The largest fine in the history of the GDPR was imposed by the Irish data protection authority together with the European Union Data Protection Board. “During the investigation, it was found that the platform sends user data from Facebook from European Union countries to the United States, which at least at the time of data transmission was considered by the EU to be a country with an inadequate level of data protection,” Paal explained the background of the massive fine.
Data protection focus shifts to the field of artificial intelligence
European data protection supervisory authorities continue, according to Paal, to strive to reduce the attractiveness of creating business models that violate regulations, making it expensive through fines.
“The statistics of procedures strongly indicate a shift in supervisory focus to the fields of artificial intelligence and machine learning, and the use of personal data for their training. We should not forget that discussions are ongoing in the European Union about the possible partial prohibition of facial recognition technologies in connection with the entry into force of new AI regulations,” said Paal.
To avoid potential fine costs and prevent reputational damage, the head of the data protection-focused startup GDPR Register advised businesses and government agencies to invest in ensuring compliance with data protection rules. “It all starts with a structured overview of why and what personal data is processed; this is required from every company and government institution,” she advised.