European data regulators deployed €2.92bn in GDPR fines last year, a year-on-year increase of 168%, according to a survey from DLA Piper.
Among the largest fines levied were those against Meta Platforms. The largest fine of the year was issued to Meta by the Irish D Protection Commissioner, which fined the company €405m for alleged failures to protect children’s personal ID.
Several of the fines Meta received this year was imposed by the Irish DPC related to Facebook and Instagram’s behavioural profiling of users and whether the lawful basis of of “contract necessity” can be used to legitimise the mass harvesting of personal data.
While the size of the fines increased, the propensity of data breaches notified to supervisory authorities decreased. The average daily total dropped from 328 notifications to 300.
DLA Piper global co-chair data protection and cybersecurity Ewa Kurowska-Tober said, “A proportionate, risk-based approach to the interpretation of GDPR’s restrictions on international transfers of personal data is not just permitted but, in our view, legally required.
“Adopting an “absolutist” approach to transfer restrictions and effectively outlawing any transfer of personal data, however trivial the risk of harm, risks real lasting harm to consumers.
“Transfers have many benefits for consumers and for society, by ensuring the rapid development and roll-out of vaccines, by enabling effective oversight and regulation of business and by providing access to online services enjoyed by billions of people. We hope that supervisory authorities reconsider the absolutist approach adopted in these early enforcement decisions.”
In other data protection news, a report from Veeam Software found that four out of five organisations have an ‘availability gap’ between how quickly they need their systems to be recoverable and how quickly IT can bring them back.
It also found that 79% had a ‘protection gap’ between how much data they can lose and how frequently IT protects their data.
Copyright © 2023 FinTech Global