Meta accounts for 82% of fines under EU privacy laws, shows data- QHN

Penalties imposed on Meta Platforms constitute 82.6 per cent of the total fines imposed under the European Union’s General Data Protection Regulation (GDPR), Tsaaro — a data privacy and cyber security services provider — reveals in its Privacy Fines Report 2022, a first-of-its-kind survey of enforcement trends under the GDPR.

Tsaaro has analysed about 500 fines and penalties imposed by EU data protection authorities under the GDPR. Indian laws under the Digital Personal Data Protection Bill 2022 also have provisions for penalties. Tsaaro expects that India will see a similar story.

The fines seek to rectify wrongs committed, and caution firms that privacy breaches will not be taken lightly and non-compliance would incur the authorities’ ire.

Key findings

82.6% share of total fines accounted for by Meta Platforms (amount paid: €697mn)

86% share of total fines accounted for by the media, telecom and broadcasting industry

26% share of firms in finance, insurance and consulting that violated Art 5 of GDPR

29% of penalised firms in the transport and energy sector violated Art 6 of GDPR

10% of total fines were imposed on public sector entities and educational institutions

12 Number of penalties of €500,000 in 2018

166X Increase in total penalties in 4 years

€831.25mn Total penalty amount in 2022 (440 fines)

€20 mn Amount that fines can go up to for serious violations listed in Art 83(5) of GDPR, or up to 4% of the preceding fiscal year’s total global turnover for companies

€10 mn Fines of up to this amount for less-severe violations, as defined in Art 83(4) of GDPR, or 2% of a firm’s worldwide sales during the preceding fiscal year, whichever is higher

Top 5 provisions for which organisations were penalised:

Art 5, 6, 12, 13, 32