Fines for violating the GDPR

The General Data Protection Regulation (GDPR) came into force in November 2018 to standardize the rules for processing personal data across the EU. Violations of the GDPR sometimes result in high fines. But even outside the EU there is a risk of fines if the applicable data protection laws are ignored.

The Gisma University of Applied Sciences (www.gisma.de) has examined which companies worldwide have had to pay the highest fines and in which countries the most severe penalties have been imposed. Facebook and Meta lead the ranking with fines totaling 7,1 billion euros.

In 2019, the American consumer protection authority FTC imposed the highest fine for data protection violations in its history against Facebook: the internet company had to pay five billion US dollars (4,6 billion euros). The reasons for this were multiple violations of FTC data protection orders from 2012, in which Facebook deceived users about the use of, and the protection options for, their personal data. The group has been operating under the name Meta Platforms since October 2021 and has had to pay fines of 1,8 billion euros for three further violations. Further offenses on Instagram and WhatsApp resulted in fines of 405 and 230,5 million euros.

DiDi had to pay a fine of 1,2 billion euros

DiDi is considered the Chinese counterpart to Uber. China's cyber regulator imposed the second-largest fine in the investigation against the company for violations of national laws on network security, data security and personal information protection. Two DiDi executives were also fined CNY 1.000.000 (approx. EUR 144.903) each. Amazon is in third place among the companies with the highest fines, with around 811 million euros resulting from five offenses. Google and the US financial services company Equifax follow in fourth and fifth place with fines of 781 and 522 million euros. This means that four of the five companies with the most expensive violations come from the USA.

The highest fines for German companies

H&M Hennes & Mauritz Online Shop AB & Co. KG paid the highest fine of all German companies to date. In 2020, a fine of around 35,2 million euros was due for spying on the employees of a service center in Nuremberg. Second place among German companies goes to notebooksbilliger.de AG. The online shop for consumer electronics paid a fine of 10,4 million euros in 2021. BREBAU GmbH, a housing company from Bremen, was fined 1,9 million euros in 2022, placing third in this ranking. AOK Baden-Württemberg and Volkswagen AG take fourth and fifth place with payments of 1,2 million euros in 2020 and 1,1 million in 2022.

The highest fines come from the USA

Companies worldwide have already had to pay almost twelve billion euros in fines for data protection violations, almost half of them in the USA, which is mainly due to the immense fine for Facebook. Ireland is in second place with around 2,9 billion euros in fines imposed. China takes third place with 1,2 billion euros. This is likely due, among other things, to the fact that many global corporations have their headquarters in these countries. Germany is in ninth place with fines imposed amounting to 6,2 million euros.

“Many companies underestimate the importance of data protection, security and ethics or even deliberately ignore them, for example to sell data or analyze the behavior of their customers. Our study analyzed more than 3.000 fines for around 2.500 companies. But there are also complaints against numerous doctors and police officers and over 300 private individuals. With the high fines, the authorities are trying to make it clear that consumers' data should not be handled carelessly.

This highlights the importance of addressing cybersecurity, data security and ethics in education. It is of great importance to understand at an early stage what effective measures can be taken to protect personal data and ensure its ethical use, and to recognize the importance of data protection for both individuals and companies. These aspects are important components of our degree programs, for example in Business Management or in Data Science, AI and Digital Business. This is the only way to prevent data protection violations and the associated fines,” explains Prof. Dr. Mohammad Mahdavi, Professor of Data Science.

More at GUSGermany.com

 


About Gisma University of Applied Sciences

The Gisma University of Applied Sciences is a state-recognized private university. It brings together students and teachers from over 90 nations around the world on its campus at Jungfernsee in Potsdam. In its twelve programs, it trains students to become sought-after and high-performing talents for the global business world, in management, leadership, data sciences, AI and software engineering.

