Data protection regulators across Europe have imposed fines totaling €28 billion since January 2022, 1,64. This means a 50 percent increase in reported EU GDPR fines compared to last year, according to a report by DLA Piper.
The increase shows the growing confidence and willingness of data protection regulators to impose large fines for violations of the GDPR. It has also been influenced by the use of the cooperation and consistency mechanisms of the GDPR and the European Data Protection Board, which has repeatedly called for significant increases in fines proposed by Member States' data protection supervisory authorities. On average, the fines presented to the EDPB for a judgment in 2022 increased by 630 percent.
Meta group received some of the biggest fines
As predicted in last year's survey, ad tech and behavioral advertising was a top enforcement priority this year. The meta-group received some of the heaviest fines, with the Data Protection Commission of Ireland handing out fines of €210m to Facebook and €180m to Instagram in relation to their profiling practices.
Ireland dominates the top ten fines, with five of the top ten fines being imposed by the Irish Data Protection Commission. Ireland also now tops this year's country ranking for total fines imposed to date, with fines totaling over €1 billion.
Slight decrease in reports
After four consecutive years of growth, the annual total number of data breach notifications fell slightly for the first time in 2022. A total of approximately 28 personal data breaches have been reported to regulators since January 2022, 109.000. The year before it was 120.000 last year. This could indicate that companies are becoming more cautious about reporting violations for fear of investigation, enforcement, fines and claims for damages that could follow.
More at DLApiper.com