GDPR fines and notices: Difference between revisions
Rkranendonk (talk | contribs) Two small textual changes because we now include notices. |
Rkranendonk (talk | contribs) Added the UNICREDIT fine |
||
Line 53: | Line 53: | ||
|- |
|- |
||
| 2019-07-08 || [[British Airways]] || £183 million || UK ([[Information Commissioner's Office|ICO]]) || Use of poor security arrangements that resulted in a 2018 [[web skimming]] attack affecting 500,000 consumers.<ref>{{Cite news|url=https://www.bbc.com/news/business-48905907|title=British Airways faces record £183m fine for data breach|date=2019-07-08|access-date=2019-07-08|language=en-GB}}</ref><ref>{{Cite news|url=https://www.theguardian.com/business/2019/jul/08/ba-fine-customer-data-breach-british-airways|title=BA faces £183m fine over passenger data breach|last=Sweney|first=Mark|date=2019-07-08|work=The Guardian|access-date=2019-07-08|language=en-GB|issn=0261-3077}}</ref><ref>{{Cite web|url=http://social.techcrunch.com/2019/07/08/uks-ico-fines-british-airways-a-record-183m-over-gdpr-breach-that-leaked-data-from-500000-users/|title=UK’s ICO fines British Airways a record £183M over GDPR breach that leaked data from 500,000 users|website=TechCrunch|language=en-US|access-date=2019-07-08}}</ref> |
| 2019-07-08 || [[British Airways]] || £183 million || UK ([[Information Commissioner's Office|ICO]]) || Use of poor security arrangements that resulted in a 2018 [[web skimming]] attack affecting 500,000 consumers.<ref>{{Cite news|url=https://www.bbc.com/news/business-48905907|title=British Airways faces record £183m fine for data breach|date=2019-07-08|access-date=2019-07-08|language=en-GB}}</ref><ref>{{Cite news|url=https://www.theguardian.com/business/2019/jul/08/ba-fine-customer-data-breach-british-airways|title=BA faces £183m fine over passenger data breach|last=Sweney|first=Mark|date=2019-07-08|work=The Guardian|access-date=2019-07-08|language=en-GB|issn=0261-3077}}</ref><ref>{{Cite web|url=http://social.techcrunch.com/2019/07/08/uks-ico-fines-british-airways-a-record-183m-over-gdpr-breach-that-leaked-data-from-500000-users/|title=UK’s ICO fines British Airways a record £183M over GDPR breach that leaked data from 500,000 users|website=TechCrunch|language=en-US|access-date=2019-07-08}}</ref> |
||
|- |
|||
| 2019-06-27 || [[UNICREDIT BANK S.A.]] || €130,000 || Romania ([[Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal|ANSPDCP]]) || failure to implement appropriate technical and organisational measures<ref>{{Cite web|url=https://www.dataprotection.ro/index.jsp?page=Comunicat_Amenda_Unicredit&lang=en|title=First Fine For The Application Of Gdpr|date=2019-07-04|access-date=2019-07-09|language=en-GB}}</ref><ref>{{Cite web|url=https://edpb.europa.eu/news/national-news/2019/first-fine-romanian-supervisory-authority_en|title=First fine by the Romanian Supervisory Authority|date=2019-07-05|access-date=2019-07-09|language=en-GB}}</ref> |
|||
|} |
|} |
||
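Review bot: The added UNICREDIT row is dated 2019-06-27 but sits after the 2019-07-08 British Airways row at the end of the table; if the list is meant to run in date order, move it above that row. The reason cell starts in lower case ("failure to implement ...") and has no full stop before the refs, unlike the British Airways row directly above it, and it only repeats the legal formula without saying what was affected, so a one-line description taken from the cited notice would match the other entries. Both new citations set language=en-GB and carry no website or publisher field, although the URLs point to dataprotection.ro and edpb.europa.eu.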
Revision as of 09:43, 9 July 2019
The General Data Protection Regulation (GDPR) is a European Union regulation that specifies standards for data protection and electronic privacy in the European Economic Area, and the rights of European citizens to control the processing and distribution of personally identifiable information.
Violators of GDPR may be fined up to €20 million, or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.[1] The following is a list of fines and notices issued under the GDPR, including reasoning.
Date | Company | Amount | Issued by | Reason(s) |
---|---|---|---|---|
2018-10 | Hospital do Barreiro | €400,000 | Portugal (CNPD) | "...based on access policies to databases, which allowed technicians and physicians to consult patients’ clinical files, without proper authorization."[2] |
2018-11-21 | Knuddels.de (German social network) | €20,000 | Germany (LfDI) | "...unauthorized access to and disclosure of personal data of around 330,000 users, including passwords and email addresses."[3] |
2019-06-18 | Unnamed police officer | €1,400 | Germany (LfDI) | Autonomously processing personal data for non-legal purposes.[4] |
2019-01-21 | Google LLC | €50 million | France (CNIL) | Insufficient transparency, control, and consent over the processing of personal data for the purposes of behavioural advertising.[5][6] |
2019-03-15 | Bisnode (business, credit and market information) | €220,000 | Poland (UODO) | |
2019-03-16 | Lower Silesian Football Association | €13,000 | Poland (UODO) | Listing personal information of 585 referees on its website.[8] |
2019-04-04 | Rousseau (participatory democracy platform) | €50,000 | Italy (GPDP) | Failing to protect users' personal data.[9] |
2019-05-08 | The Municipality of Bergen | €170,000 | Norway (Datatilsynet) | File with login credentials for 35,000 students and employees found in a public storage area.[10] |
2019-05-16 | MisterTango UAB (payment services) | €61,500 | Lithuania (ADA) | Processing more personal data than is necessary to effect the payment.[11] |
2019-05-28 | Unnamed Belgian mayor | €2,000 | Belgium (GBA/ADP) | Misuse of personal data collected for local administrative purposes for election campaign purposes.[12] |
2019-06 | La Liga | €250,000 | Spain (AEPD) | Poorly disclosing the purpose for requesting GPS and microphone permissions within the football league's mobile app. When the app was open, it transmitted the user's location if it detected an acoustic fingerprint embedded within game telecasts. This was used to help pinpoint the locations of venues that may be screening the games from unauthorized feeds.[13][14] |
2019-06-18 | Sergic (real estate services) | €400,000 | France (CNIL) | Failure to implement appropriate security measures; failure to define appropriate data retention periods for the personal data of unsuccessful rental candidates.[15] |
2019-06-11 | IDDesign A/S (furniture) | DKK 1,5 million | Denmark (Datatilsynet) | Failure to delete personal data from an older system: processing personal data for a longer time than necessary.[16] |
2019-06-18 | Uniontrad Company (translation services) | €20,000 | France (CNIL) | Excessive video surveillance of employees; single, shared password for messaging system; ignoring earlier CNIL order to change practices.[17] |
2019-06-24 | EE (telecoms) | £100,000 | UK (ICO) | Sending over 2.5 million direct marketing messages to its customers, without consent.[18][19] |
2019-07-08 | British Airways | £183 million | UK (ICO) | Use of poor security arrangements that resulted in a 2018 web skimming attack affecting 500,000 consumers.[20][21][22] |
2019-06-27 | UNICREDIT BANK S.A. | €130,000 | Romania (ANSPDCP) | Failure to implement appropriate technical and organisational measures.[23][24] |
References
- ^ "L_2016119EN.01000101.xml". eur-lex.europa.eu. Archived from the original on 10 November 2017. Retrieved 28 August 2016.
- ^ "Hospital Do Barreiro fined by Comissão Nacional de Protecção de Dados in 400,000 Euro for allowing improper access to clinical files". 24 June 2019. Retrieved 27 June 2019.
- ^ "Data Protection Authority of Baden-Württemberg Issues First German Fine Under the GDPR". 23 November 2018. Retrieved 27 June 2019.
- ^ "German Data Protection Authority of Baden-Württemberg fines an employee of a public body". 24 June 2019. Retrieved 26 June 2019.
- ^ Fox, Chris (21 January 2019). "Google hit with £44m GDPR fine". BBC News. Retrieved 14 June 2019.
- ^ Porter, Jon (21 January 2019). "Google fined €50 million for GDPR violation in France". The Verge. Retrieved 14 June 2019.
- ^ Lomas, Natasha (30 March 2019). "Covert data-scraping on watch as EU DPA lays down 'radical' GDPR red-line". TechCrunch. Retrieved 24 June 2019.
- ^ Clark, Sam (17 May 2019). "Polish watchdog issues second GDPR fine". Global Data Review. Retrieved 24 June 2019.
- ^ "5Stars defend their digital democracy in face of privacy sanction". Politico. 19 April 2019. Retrieved 27 June 2019.
- ^ "Administrative fine of 170.000 € imposed on Bergen Municipality". Datatilsynet. 12 April 2019. Retrieved 24 June 2019.
- ^ "First Significant Fine Was Imposed for the Breaches of the General Data Protection Regulation in Lithuania". 21 May 2019. Retrieved 24 June 2019.
- ^ Fiten, Bernd (3 June 2019). "First GDPR fine in Belgium: € 2000 imposed on a mayor". Retrieved 24 June 2019.
- ^ "LaLiga facing €250k fine for GDPR violations in app used to spy on users". TechRepublic. Retrieved 14 June 2019.
- ^ Geigner, Timothy. "La Liga Fined 250K Euros For Using Mobile App To Try To Catch 3rd Party Pirates". Techdirt. Retrieved 14 June 2019.
- ^ Lanois, Paul (21 June 2019). "Videosurveillance: CNIL issues fine of 20,000 euros against a small company in France". Fieldfisher. Retrieved 24 June 2019.
- ^ "Danish DPA set to fine furniture company". 11 June 2019. Retrieved 24 June 2019.
- ^ Lanois, Paul (21 June 2019). "Videosurveillance: CNIL issues fine of 20,000 euros against a small company in France". Fieldfisher. Retrieved 24 June 2019.
- ^ "EE fined £100,000 for unlawful texts". BBC News. 24 June 2019. Retrieved 24 June 2019.
- ^ "ICO fines telecoms company EE Limited for sending unlawful text messages". ICO. 24 June 2019. Retrieved 24 June 2019.
- ^ "British Airways faces record £183m fine for data breach". 8 July 2019. Retrieved 8 July 2019.
- ^ Sweney, Mark (8 July 2019). "BA faces £183m fine over passenger data breach". The Guardian. ISSN 0261-3077. Retrieved 8 July 2019.
- ^ "UK's ICO fines British Airways a record £183M over GDPR breach that leaked data from 500,000 users". TechCrunch. Retrieved 8 July 2019.
- ^ "First Fine For The Application Of Gdpr". 4 July 2019. Retrieved 9 July 2019.
- ^ "First fine by the Romanian Supervisory Authority". 5 July 2019. Retrieved 9 July 2019.