Regulators in the UK have levied €114 million ($126 million) in fines for data violations since instituting new stronger privacy mandates in mid-2018, The Financial Times reportedon Sunday (Jan. 19).
Law firm DLA Piper distributed a report indicating the disparity in fines among countries. France hit Google with a €50 million fine, the largest single violation against one firm. Conversely, the Netherlands, Britain and Germany had the most notifications regarding data breaches.
The General Data Protection Regulation (GDPR) is intended to protect personal information and imposes steep fines if data is exposed or provided without user consent.
The regulation is enforced by data protection divisions throughout the 28-member European Union. Ireland has the biggest responsibility as the head regulator for Silicon Valley big tech like Facebook.
Penalties, for now, are small compared to the billions levied in EU antitrust violations. That is expected to change as sanctions are probed and legal precedents set.
DLA Piper partner Ross McKean said that in principle, fines of 2 percent or even 4 percent of global annual sales can be levied. Bigger penalties will have to hold up in court, however.
“It’s going to take time, the regulators are going to be wary about going to 4 percent because they are going to get appealed,” McKean told Reuters. “And you lose credibility as a regulator if you’re blown up on appeal.”
To date, the biggest violation threat was against British Airways owner IAG due to a €183 million ($239 million) data breach affecting half a million people.
“The total amount of fines of 114 million euros imposed to date is relatively low compared to the potential maximum fines that can be imposed under GDPR, indicating that we are still in the early days of enforcement,” McKean told Bloomberg in a statement.
“We expect to see momentum build with more multi-million euro fines being imposed over the coming year as regulators ramp up their enforcement activity,” he added.
Featured News
House Budget Bill’s Moratorium on State AI Laws Could Undo A Range of Tech Regs, Critics Say
May 14, 2025 by
CPI
Microsoft Nears EU Antitrust Resolution Over Teams Bundling, Sources Say
May 14, 2025 by
CPI
CMA Investigates Aviva’s £3.6B Acquisition of Direct Line Group
May 14, 2025 by
CPI
Google Urges Texas Judge to Disregard Virginia Antitrust Ruling
May 14, 2025 by
CPI
Anthropic Ordered to Respond After AI Allegedly Fabricates Citation in Legal Filing
May 14, 2025 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – Healthcare Antitrust
May 14, 2025 by
CPI
Healthcare & Antitrust: What to Expect in the New Trump Administration
May 14, 2025 by
Nana Wilberforce, John W O'Toole & Sarah Pugh
Patent Gaming and Disparagement: Commission Fines Teva For Improperly Protecting Its Blockbuster Medicine
May 14, 2025 by
Blaž Višnar, Boris Andrejaš, Apostolos Baltzopoulos, Rieke Kaup, Laura Nistor & Gianluca Vassallo
Strategic Alliances in the Pharma Sector: An EU Competition Law Perspective
May 14, 2025 by
Christian Ritz & Benedikt Weiss
Monopsony Power in the Hospital Labor Market
May 14, 2025 by
Kevin E. Pflum & Christian Salas