GDPR fines 2019 – much ado about nothing?

Disculpa, pero esta entrada está disponible sólo en Inglés, Ruso y Ucraniano.

The latest update on the GDPR fines is enlisted below and it shows that privacy is not dead.

PWC BS

Fine: € 150 000

Reason: inappropriate legal basis (consent) and violation of the principle of accountability

DPA: HDPA (GR)

Data Subjects: employees

Marriott International

Fine: £ 99 200 396

Reason: data breach

DPA: ICO (UK)

Data Subjects: customers (399 M)

British Airways

Fine: £ 183 390 000

Reason: data breach

DPA: ICO (UK)

Data Subjects: customers (500 K)

Taxa 4×35

Fine: € 160 000

Reason: failure to delete customers’ data

DPA: Danish DPA (DK)

Data Subjects: customers (9 M)

Municipality of Bergen

Fine: € 170 000

Reason: inadequate data security

DPA: Norwegian DPA (NO)

Data Subjects: users (35 K)

Google

Fine: € 50 000 000

Reason: lack of transparency, inadequate information, lack of valid consent regarding the ads personalization

DPA: CNIL (FR)

Data Subjects: users

Uniontrad Compan

Fine: € 20 000

Reason: the video surveillance systems it set up to monitor its employees

DPA: CNIL (FR)

Data Subjects: employees

EE Limited

Fine: € 100 000

Reason: direct marketing messages to its customer without consent

DPA: ICO (UK)

Data Subjects: customers (2,5 M)

Facebook

Fine: € 1 000 000

Reason: Cambridge Analytica (€ 1 M)

DPA: Garante (IT)

Data Subjects: users

Facebook

Fine: € 2 000 000

Reason: breaching the country`s law on internet transparency

DPA: Federal Office of Justice (DE)

Data Subjects: users

Österreichische Post AG (ÖPAG)

Fine: € 18 000 000

Reason: processing personal data on the alleged political affinity of affected data subjects

DPA: The Austrian data protection authority (DPA)

Data Subjects: users