2023 was a record year for GDPR enforcement with aggregate fines increasing by more than 14% to EUR 1.78bn and a new record fine of EUR 1.2bn levied against Meta

en

The 2024 edition of global law firm DLA Piper’s annual GDPR and Data Breach Survey also reveals total fines issued for a wide range of GDPR infringements and the league table of fines issued by country since 28 January 2023. The survey covers all 27 Member States of the European Union, plus the UK, Norway, Iceland and Liechtenstein.

<< Back
06/02/2024 |
  • DLA Piper

Global law firm DLA Piper has published the findings of its annual GDPR and Data Breach Survey***:

Ireland continues in pole position this year with the highest aggregate GDPR fines issued since 25 May 2018 and also takes the top spot for the largest ever fine imposed, relegating Luxembourg to second place. The total value of GDPR fines imposed in Ireland is now EUR 2.86 billion. As Ireland is a popular location for technology companies to set up their main establishment in the EU, it is not surprising that it has rocketed to the top spot of the country league table for the aggregate value of fines imposed.  

The GDPR restrictions on the transfer of personal data to third countries remain an enforcement priority for European supervisory authorities, with a EUR 1.2 billion fine issued against Meta in Ireland, the highest fine ever imposed, being the standout - but also multiple enforcement actions by regulators across the EU for alleged illegal transfers of personal data. 

This year supervisory authorities across Europe have issued a total EUR 1.78 billion in fines since 28 January 2023, which is an increase of 14.10% on the total of EUR 1.56 billion issued in the year from 28 January 2022. This is a much smaller increase than the 50% reported last year, which has mainly been driven by a number of successful appeals in various jurisdictions, which have seen fines reduced or in some cases completely overturned, as well as fewer fines issued by European data protection authorities following opinions and binding decisions of the European Data Protection Board under the GDPR consistency mechanism.

Social media and big tech remain the primary target for record fines across the countries surveyed with each of the top ten largest fines issued since 25 May 2018 being imposed on businesses in this sector.  This year has seen the battle rage over the “grand bargain”, which has enabled service providers to fund the development of progressive consumer services in exchange for monetising their data since the earliest days of the internet.  That bargain is now under sustained attack by European supervisory authorities and Europe’s highest court, the CJEU, and plans by some service providers to move to a “pay or okay” model are set for a bumpy ride with regulators and privacy activists. 

Failure to comply with the core GDPR principles continue to be the most frequently cited justification for fines across the jurisdictions surveyed and failures to comply with the lawfulness, fairness and transparency principle remain the top enforcement priority. Fines resulting from breach of the integrity and confidentiality principle - and the related Article 32 – security of processing – also continue to feature across all jurisdictions surveyed.

Continuing the trend of the last couple of years, on average there were 335 breach notifications per day from 28 January 2023 to 27 January 2024 compared to 328 during the same period last year. Allowing for the margin of error, there is effectively no year-on-year change in the number of breach notifications made. Germany, the Netherlands, and Poland have reported the highest number of data breaches notified from 28 January 2023 to 27 January 2024, with 32,030, 20,235 and 14,167 respectively. Denmark is at the top of the table for the number of breach notifications made per 100,000 capita.

** Not all the countries covered by this report make breach notification statistics publicly available and many provided data for only part of the period covered by this report. We have, therefore, had to extrapolate the data to cover the full period. It is also possible that some of the breaches reported relate to the regime before GDPR. As a number of data protection supervisory authorities have now issued annual reports for 2023, some figures in last year’s report that were previously extrapolated have been updated in this report.

*** The survey takes a look at key GDPR metrics EEA and the UK since GDPR first applied on 25 May 2018 and for the year commencing 28 January 2023.  The EEA includes all 27 Member States of the European Union plus Norway, Iceland and Liechtenstein. The UK left the EU on 31 January 2020.  The UK has implemented GDPR into law in each of the jurisdictions within the UK (England, Northern Ireland, Scotland and Wales).  As at the date of this survey the UK GDPR is the same in all material respects as the EU GDPR.  That said, the UK Government is proposing to legislate changes to UK data protection laws and has published the Data Protection and Digital Information Bill.  It remains to be seen the extent to which these changes will deviate from the EU GDPR.

Back to top  | << Back

Communiqués liés

DLA Piper
06/02/2024

2023 was a record year for GDPR enforcement with aggregate f...

The 2024 edition of global law firm DLA Piper’s annual GDPR and Data Breach Su...

DLA Piper
DLA Piper
13/09/2023

AI governance posing biggest challenge to AI deployment reve...

Findings reveal that over a third of organizations are not confident their AI de...

DLA Piper
DLA Piper
16/08/2023

DLA Piper advises on investment in NATO Innovation Fund

The Luxembourg and Polish offices of the global law firm DLA Piper have assisted...

DLA Piper
Guillaume Schaefer Personality web crop
03/07/2023 Personnalités

DLA Piper Luxembourg announces promotion of four new counsel...

DLA Piper Luxembourg is delighted to announce the promotion of six individuals w...

DLA Piper
NOVA  FRONT BUILDING Med Res NO TRAM)
17/04/2023

DLA Piper Luxembourg announces 2023 move to flagship buildin...

Global law firm DLA Piper has signed a lease agreement which will see its Luxemb...

DLA Piper
DLA Piper
23/02/2023

1,64 milliard d'euros d'amendes par les autorités européen...

Le chiffre de 1,64 milliard d’Euros est tiré de la dernière enquête annuell...

DLA Piper

Il n'y a aucun résultat pour votre recherche

We use cookies to ensure the best experience on our website. By accepting you agree the use of cookies. OK Learn more