Skip to content

GDPR violators pay fines exceeding $1 million daily in 2024

GDPR violators pay fines exceeding $1 million daily in 2024

Since the introduction of the General Data Protection Regulation (GDPR) policy in 2018, a whopping 2,083 fines have been issued, with penalties amounting to €4.5 billion ($4.9 billion) in total by the end of April 2024.

According to the data compiled by Finbold, the watchdogs have continued their efforts to crack down on privacy violations against European citizens in 2024 and have fined violators a total of €137 million ($149 million) between January 1 and April 30.

The data shows that companies breaching the provisions of GDPR have been paying—on average—as much as €1.1 million ($1.2 million) per day through the first 120 days of 2024. In total, 76 penalties have been issued in the four months, with Spain accounting for as many as 30.

During the first full months of 2024, the average amount paid by violating companies was approximately €1.8 million ($1.95 million).

The fines are based on the GDPR Enforcement Tracker, announcements from relevant national regulators, and Finbold’s earlier GDPR Fines reports

The biggest GDPR fines of 2024

Though none of the fines levied in 2024 broke the record set by the Republic of Ireland in 2023 when it compelled Mark Zuckerberg’s Meta Platforms (NASDAQ: META) to pay €1.2 billion ($1.3 billion), the year nonetheless featured the imposition of multiple large penalties.

According to the official announcement, in early February, Enel Energia—an electricity and gas supplier—was penalized by the Italian government for illicitly acquiring private individuals’ data for telemarketing purposes. The fine amounted to €79 million ($86 million).

The second-biggest fine—€32 million ($34.7 million)—was levied against Amazon France Logistique by France for setting up an inappropriately intrusive surveillance system intended to monitor employees’ activity and productivity.

In April, the Czech Republic became responsible for the third-biggest penalty of the year. Avast Software, best known for its antivirus software, was found responsible for forwarding its users’ data to a firm called Jumpshot Jumpshot for personalized marketing purposes. As a result, the online security company was compelled to pay a penalty of nearly €14 million ($15 million).

Hellenic Post – the state-owned postal service – became the target of the fourth-largest fine of 2024 when the Greek watchdog found that it had failed to prevent personal data from being leaked to the dark web. In turn, Hellenic Post was forced to pay a penalty of €3 million ($3.2 million).

Finally, the gift-largest penalty was issued to UniCredit Bank by the Italian government. Similar to Hellenic Post, the banking giant was found to have insufficient measures to ensure data security – and has, thus, been the target of a significant cyber attack that led to a large-scale data breach – and was fined €2.8 million ($3 million).

EU regulators continue to deal with a backlog of data breaches

Despite the European regulators’ continued efforts to tackle privacy and security issues, the fines levied in the first four months of 2024 highlight the scale of the issue. Indeed, several of the largest penalties issued since the year started pertain to old issues.

For example, the UniCredit Bank cyber attack and data breach took place six years ago in 2018. Similarly, Czech law enforcement confirmed that Avast was forwarding its users’ data only in a relatively brief period during 2019.

Similarly, at least a part of the GDPR violations made by Amazon France Logistique targeted temporary workers in April 2020 – a period noted for companies being granted more leeway to offset the hardships of the Covid-19 pandemic and the resulting lockdowns.

Ultimately, while the actions of European law enforcement since the start of 2024 highlight the bloc’s commitment to ensuring data security and privacy for the people of Europe, the timing of many of the most severe violations showcases the scale of the issue and hints toward possible deficiencies in the system given the apparent tardiness of the fining.

The matter is especially pointed given that the GDPR was passed, in part, to streamline data protection enforcement and expedite the regulators’ efforts.

Best Crypto Exchange for Intermediate Traders and Investors

  • Invest in cryptocurrencies and 3,000+ other assets including stocks and precious metals.

  • 0% commission on stocks - buy in bulk or just a fraction from as little as $10. Other fees apply. For more information, visit etoro.com/trading/fees.

  • Copy top-performing traders in real time, automatically.

  • eToro USA is registered with FINRA for securities trading.

30+ million Users
Securities trading offered by eToro USA Securities, Inc. (“the BD”), member of FINRA and SIPC. Cryptocurrency offered by eToro USA LLC (“the MSB”) (NMLS: 1769299) and is not FDIC or SIPC insured. Investing involves risk, and content is provided for educational purposes only, does not imply a recommendation, and is not a guarantee of future performance. Finbold.com is not an affiliate and may be compensated if you access certain products or services offered by the MSB and/or the BD

Read Next:

Finance Digest

By subscribing you agree with Finbold T&C’s & Privacy Policy

Related posts

Sign Up

or

By submitting my information, I agree to the Privacy Policy and Terms of Service.

Already have an account? Sign In

Services

Disclaimer: The information on this website is for general informational and educational purposes only and does not constitute financial, legal, tax, or investment advice. This site does not make any financial promotions, and all content is strictly informational. By using this site, you agree to our full disclaimer and terms of use. For more information, please read our complete Global Disclaimer.