EU’s Data Regulations Continue to Catch Companies Out

The European Union’s General Data Protection Regulations (GDPR) continue to catch out aberrant companies, with regulators collecting more than USD1.2 million each day in penalties on average through the first 120 days of 2024.
Research by FinBold reveals 76 companies have paid almost USD150 million in fines this year, though one company, Italian energy entity Enel Energia, paid USD86 million of the total. That fine was due to Enel illicitly acquiring the personal information of several hundred people for telemarketing purposes.
Other major violators include Amazon France Logistique, which was found responsible for infringing on its workers’ privacy and fined nearly USD35 million. The Czech government also fined Avast Software USD15 million for handing users’ data to an external, personalized marketing company. Many of the biggest data privacy and security violations penalized in 2024 occurred between 2018 and 2020, highlighting the backlog of issues European watchdogs are dealing with.
“Ultimately, while the actions of European law enforcement since the start of 2024 highlight the bloc’s commitment to ensuring data security and privacy for the people of Europe, the timing of many of the most severe violations showcases the scale of the issue and hints toward possible deficiencies in the system given the apparent tardiness of the fining,” said FinBold analyst Andreja Stojanovic. “The matter is especially pointed given that the GDPR was passed partly to streamline data protection enforcement and expedite the regulators’ efforts.”
Since the introduction of the GDPR policy in 2018, 2,083 fines have been issued, with penalties amounting to USD4.9 billion by the end of April 2024.