New data from DLA Piper shows that the cost of GDPR fines has surged 168% over the past year to over €2.9 billion ($3.1 billion), but the average number of violations reported per day is just Decreased.
The global law firm’s annual report records all published financial penalties imposed by data protection regulators in the 27 member states of the EU, the United Kingdom, Norway, Iceland and Liechtenstein. was analyzed. However, it warns that more fines may be issued and not made public.
Meta faces the biggest fine last year after Ireland’s Data Protection Commissioner (DPC) fined it €405 million ($429 million) for failing to protect the personal information of children using Instagram. was sentenced to
Most recently, the social networking giant was fined €390 million ($413 million) by the same regulator for GDPR violations related to its choice of legal basis for processing user data. it was done.
Ross McKean, chair of DLA Piper’s UK Data Protection and Cybersecurity Group, said these fines attacked the “grand bargain” between consumers and advertisers that underpins much of the commercial internet. claimed to be.
“This year, a spate of fines by the Irish Data Protection Commission targeting behavioral advertising practices on social media platforms, like Schrems, threaten the future of the ‘grand bargain’ at the heart of today’s ‘free’ internet at all points. can get serious. II was for international data transfers,” he argued.
On the latter point, the report earlier this year cited national data protection supervisory authorities’ claims that a risk-based approach cannot be taken when assessing transfers of personal data to “third countries.”
This effectively means a ban on transfers to countries where possible state access to the data poses a risk of harm.
However, DLA Piper’s Ewa Kurowska-Tober argued that such an “absolutist” approach risks harming consumers in the long run.
“A proportional and risk-based approach to interpreting the GDPR’s restrictions on international transfers of personal data is not only permissible, but, in our view, legally required,” she added.
“Remittances will help consumers and society by ensuring the rapid development and deployment of vaccines, enabling effective oversight and regulation of businesses, and providing access to online services enjoyed by billions of people. We hope that supervisors will reconsider the absolutist approach taken in these early enforcement decisions.”
The report also revealed that the average number of infringement notifications across the region decreased year-over-year from 328 to 300.
However, instead of demonstrating better data protection for organizations, DLA Piper is caused by corporate legal teams being wary of notifying breaches for fear of investigations, fines and claims. suggests that it may be
