A total of €1.2 billion in fines were issued across Europe last year for breaches of the EU’s data protection rules, a new report has found, with the Irish authorities responsible imposing more than half of that total.
That included fines of €310 million imposed on Microsoft-owned LinkedIn and a €251 million fine against Facebook and Instagram owner Meta during the year.
However, the seventh annual edition of DLA Piper’s GDPR Fines and Data Breach survey noted there was an overall decline in the value of fines imposed year on year, despite a continuing upward trend in enforcement. This reduction is being attributed to the €1.2 billion fine that was imposed on Meta in 2023, a record-breaking penalty that skewed figures.
Ireland’s Data Protection Commission has issued a total of €3.5 billion in fines since GDPR was introduced in 2018, topping the list of European authorities in terms of value. The concentration of Big Tech companies in Ireland means the DPC the lead authority when it comes to overseeing adherence to data protection rules. Almost €6 billion in fines has been issued across the EU in the same period.
Technology companies were the main target for the bigger fines over that period, with the Dutch Data Protection Authority fining ride-hailing app Uber €290 million in August 2024 over transfers of personal data to a third country.
Financial services and energy were also the subject enforcement last year, and the average number of breach notifications per day increased slightly to 363 from 335 a year earlier.
“The headline figures in this year’s survey have, for the first time ever, not broken any records so you may be forgiven for assuming a cooling of interest and enforcement by Europe’s data regulators. This couldn’t be further from the truth,” said John Magee, Partner and Global Co-Chair Data, Privacy and Cybersecurity Group.
“From growing enforcement in sectors away from big tech and social media, to the use of the GDPR as an incumbent guardrail for AI enforcement as AI specific regulation falls into place, and supervisory authorities looking to impose personal liability on company directors – GDPR enforcement remains a dynamic and evolving arena with Ireland’s DPC remaining at the forefront as Europe’s leading data regulator.”
- Sign up for the Business Today newsletter and get the latest business news and commentary in your inbox every weekday morning
- Opt in to Business push alerts and have the best news, analysis and comment delivered directly to your phone
- Join The Irish Times on WhatsApp and stay up to date
- Our Inside Business podcast is published weekly – Find the latest episode here
