A Year Into GDPR, Fines Total €56M

A year after the debut of Europe’s General Data Protection Regulation (GDPR), a total of €56 million ($62 million) in fines have been doled out.

According to a report in 9to5Google, citing legal database Lexology, there were more than 200,000 investigations in the first year of GDPR, with 64,000 upheld. Of the total €56 in fines, €50 million was levied against Google after France’s National Data Protection Commission found it didn’t meet the transparency rules about how it collects data and displays ads. Outside of Google, GRPR fines were relatively small sums. Some countries, including Slovakia and Sweden, haven’t issued any fines, while others, such as Poland, Portugal and Spain, have fined companies several hundred thousand euros.

Ireland has been watched closely, because several tech giants have their European headquarters in the country. While Apple has been one subject of investigations, the BBC reported that of the 19 inquiries, 11 are examining Facebook and its business units, including Instagram and WhatsApp.

Outside of Facebook, Ireland’s Data Protection Commission is also looking into Twitter and LinkedIn data policies as they pertain to GDPR, and has opened a probe into how Google collects personal data for targeted advertising.

Of Ireland’s 19 investigations, the BBC reported that nine were prompted by complaints from individuals, while 10 were launched by the government agency. The main concerns focused on how the tech companies process data, the lack of transparency in how they collect personal data and consumers’ ability to access their data.

“We spent more than 18 months working to ensure we comply with the GDPR,” a Facebook spokesman told the BBC. “We made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download and delete their information. We are in close contact with the Irish Data Protection Office to ensure we are answering any questions they may have.”