The latest data analyzed by Atlas VPN reveals that as of December 2022, companies paid a total of €2.83 billion in 1401 cases for violating various data protection laws.
Out of that, GDPR fines in 2022 total €832 million, which is 36% lower than the €1.3 billion paid in 2021.
However, last year stands out not in the total sum fined but in the severity of the charges imposed on a single entity — Meta.
The data for the analysis was extracted from Enforcementtracker. Note that not all cases are made public.
While the heftiest sum charged for violations was recorded in Q3 of 2021, the third quarter of 2022 was also significant, as businesses were penalized €430 million.
Meta fined hundreds of millions repeatedly
Distinctively, the majority of the penalties in 2022 were paid by a single tech behemoth – Meta.
The Data Protection Commission (DPC), an authority for GDPR enforcement in Ireland, imposed a €405 million fine for Meta Platforms Ireland Limited (Instagram) on September 5th, 2022.
Two issues were found with the processing of personal data pertaining to child users of Instagram.
The children’s email addresses and phone numbers were publicly exposed when using the Instagram business account function, and Instagram profiles of children were public-by-default.
Another hefty sum of €265 million was penalized to the same entity on November 25th, 2022, when the DPC declared that Meta had infringed two articles of the EU’s data protection laws after details of Facebook users from around the world were scraped from public profiles in 2018 and 2019.
Moreover, the DPC issued a “reprimand and an order” forcing Meta to “bring its processing into compliance by executing a range of specified remedial activities within a specific deadline”.
Meta complied and made the adjustments within the required timeframe.
To date, Meta has paid around €1 billion for GDPR violations.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
AddThis sets this cookie to track page visits, sources of traffic and share counts.
Set to record internal statistics for anonymous visitors.
1 year 1 month
addthis.com sets this cookie to determine the usage of addthis.com service.
1 year 1 month 4 days
Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
Google Analytics sets this cookie to store a unique user ID.
1 year 1 month 4 days
Google Analytics sets this cookie to store and count page views.
Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
1 year 24 days
Google sets this cookie under the DoubleClick domain, tracks the number of times users see an advert, measures the campaign's success, and calculates its revenue. This cookie can only be read from the domain they are currently on and will not track any data while they are browsing other sites.