Tsaaro Annual Report on Privacy Fines 2022

As the privacy landscape continues to evolve dynamically and instances of non-compliance constantly increase, enterprises worldwide are witnessing record-breaking fines under the EU GDPR.
The Annual Report on Privacy Fines 2022 analyzes the reasons behind GDPR penalties, examining the most common violations that lead to fines, and providing actionable recommendations to help you ensure compliance with GDPR regulations.
GDPR fines are designed to make non-compliance around data privacy a costly mistake. Breaches must be taken seriously, and the supervisory authorities in the EU are becoming more stringent to bring this into practice. Our report will help you understand these enforcement trends and delves deep into an industry-specific trend analysis of the fines levied on enterprises for non-compliance.

Don’t let GDPR penalties take a toll on your business. Download our Annual Report on Privacy Fines 2022 now to stay informed and protect your organization.


Technological advancements have created the need to protect the personal and sensitive data of individuals. This led to the introduction of the EU’s General Data Protection Regulation (GDPR). Compliance with this privacy legislation is one of the significant steps to avoid the strict fines it imposes, and non-compliance has resulted in record-breaking fines under the GDPR.

Tsaaro Consulting’s annual report on Privacy Fines 2022 analyzes the reasons behind the penalties, examines the most common violations that lead to fines, and offers actionable recommendations to help ensure compliance with the GDPR.

Non-compliance with GDPR would automatically lead to fines, so breaches must be taken seriously, and the supervisory authorities in the EU are becoming more stringent to bring this into practice. Our report on the privacy fines of 2022 helps to understand the enforcement trends and delves deep into an industry-specific trend analysis of the fines levied on enterprises for non-compliance.

  

FINES AND PENALTIES UNDER GDPR 

Breach incidents should be taken seriously; the fines associated with them reach millions of euros. In each case, the competent authorities have a statutory catalog of criteria for deciding whether a penalty is imposed and what type of penalty it is. The penalties can be increased for a variety of reasons.

For the serious violations that are listed in Article 83(5), it is possible to be fined up to 20 million euros or up to 4% of the preceding fiscal year’s total global turnover for undertakings.  

Violations under GDPR Article 83(4) might result in a fine of more than 10 million euros or 2% of the company’s worldwide sales during the preceding fiscal year, whichever is higher.

Member states can lay down additional penalties under their national regulations, such as criminal penalties for certain GDPR violations, or national rules that the national authorities can impose under the flexibility clauses. These penalties act as a deterrent.

TOP PENALTIES OF 2022  

Big organizations that failed to protect personal data and did not comply with the GDPR have had to pay record-breaking data privacy fines. Our Privacy Report 2022 analyses the top privacy fines of 2022 and includes in-depth industry-wise and country-wise analyses, providing a detailed report on the fines levied on the industries that failed to protect their customers’ data.

  1. Meta Platforms Inc. – € 687 million – Meta was fined in 3 separate instances in 2022 by the Data Protection Authority (DPA) of Ireland, with the highest penalty being 405 million Euros, levied on 9th May 2022. This was based on an investigation which revealed that the personal data of minors had been displayed publicly. It was also found that the default settings of underage accounts were set to “public”, making their accounts viewable by anyone unless the account holders changed the settings. Meta was fined 265 million Euros and 17 million Euros in the other 2 instances, levied on 25th November 2022 and 15th March 2022. This was because Meta was unable to demonstrate that it had sufficient technical and organizational security measures in place.
  2. Clearview AI Inc – € 69 Million – The Data Protection Authorities of Greece, Italy, and France fined the company a total of 4 times in 2022, with 3 of those fines amounting to 20 million Euros. The fines were levied after finding that the company’s database had processed the data unlawfully and without a valid legal basis.
  3. Google LLC – € 10 Million – The Data Protection Authority of Spain imposed a fine of 10 million following an investigation that took place after two data subjects complained that Google had disclosed their personal data to third parties without authentication. It was found that the data was transferred to a third country without giving the data subjects the option to object to it. In some instances, sensitive personal data was also processed.
  4. REWE International – € 8 Million – Austria’s Data Protection Authority fined the Austrian food retailer 8 million euros for being careless in handling the data of its customers. The company violated various provisions of GDPR: its loyalty club allegedly collected users’ data without their consent and used it for marketing purposes.
  5. Cosmote Telecomm. SA – € 6 Million – Greece’s Data Protection Authority imposed a fine of 6 million euros under Article 33 of GDPR. This is one of the data breach fines of 2022, where the investigation revealed that a hacker had gotten into the controller’s system and leaked the data of the customers. Further, Cosmote failed to conduct a Data Protection Impact Assessment (DPIA) and also failed to inform its customers about the criteria of the data processing activity.

  

Tsaaro Consulting’s Report on Privacy Fines 2022 also provides an in-depth industry-wise and country-wise analysis, covering the countries involved in the data privacy fines of 2022, the most violated provisions of GDPR, and more.

CONCLUSION  

The top breaches in data privacy in 2022 have resulted in hefty penalties levied by the appropriate Data Protection Authorities. Tsaaro Consulting’s report also suggests measures to avoid such hefty penalties, covering compliance with the GDPR and security measures to safeguard the personal data of customers.

  
