EU’s Tough Data Privacy Rules Rake in Biggest Annual Fines
(Bloomberg) -- European Union data protection fines targeting Amazon.com Inc. and Meta Platforms Inc.’s WhatsApp helped push penalties to record levels last year, in a sign that the bloc’s tough privacy rules are starting to bite.
Luxembourg’s data protection authority last year slapped Amazon with its biggest fine since the EU’s General Data Protection Regulation took effect almost four years ago. The U.S. online retailer is challenging the 746 million-euro ($851 million) penalty. The Irish watchdog followed with the second-highest EU fine against WhatsApp, ordering it to pay 225 million euros for failing to be transparent about how it handled personal data.
The two record fines make up a large proportion of all GDPR fines in 2021, according to a report released by law firm DLA Piper on Tuesday. Total penalties rose sevenfold to 1.1 billion euros compared to 158.5 million euros in 2020.
The EU’s GDPR empowers data regulators to levy fines of as much as 4% of a company’s annual revenue for the most serious violations. Tensions have been building among data watchdogs over the amount of time Ireland’s authority is taking to complete probes of the likes of Facebook and Apple Inc. France’s watchdog has started to target U.S. firms including Google, Amazon and Facebook with separate EU rules, fining them record amounts over their cookies policies.
While such record fines over privacy violations make headlines, another challenge facing companies will be to avoid regulatory scrutiny under GDPR. They must ensure they comply with a key EU court ruling in 2020 that limited the options to safely transfer data across the Atlantic, the report said.
©2022 Bloomberg L.P.