2021 has been a crazy year, one in which most people would have expected the COVID-19 pandemic to be more under control. However, summer 2021 has also been a fantastic summer of sport, from the European Football Championship to the Olympic Games. Nonetheless, newspaper headlines this year reported weekly on data leaks, cybercrime and hefty GDPR fines. Hence, in this article, we will have a closer look at the top five fines of 2021. Let's get started!
In July 2021, Amazon was handed a massive fine by Luxembourg's National Commission for Data Protection. Amazon is based in Luxembourg. Therefore, it must comply with the GDPR. According to Luxembourg's Commission for Data Protection, Amazon's processing of personal data does not comply with the EU's GDPR. It is not the first time Amazon was fined for violating privacy rules. In 2020, Amazon received a fine of €35 million because it violated the rules by incorrectly using cookies for advertising on its website. All in all, let's hope for Amazon that the fine of €746 million is its last.
Since 2018, the Irish Data Protection Commission has been investigating WhatsApp for violating the GDPR. Finally, in 2021, the ruling came: WhatsApp was issued a fine of €225 million. The fine resulted from breaching the GDPR's transparency and data subject information obligations. More specifically, WhatsApp failed to inform data subjects about the information processing between WhatsApp and other Facebook (now Meta) companies.
Early 2021 kicked off with a €10.4 million fine for a German company. The German State Commissioner for Data Protection (LfD) ruled that notebookbilliger.de had an insufficient legal basis for data processing. In this case, notebookbilliger.de had monitored its employees by video for two years without any legal basis. The company argued that the video cameras were meant to prevent and investigate crimes and to track the flow of goods in the warehouse. The LfD reasoned that the company could have taken milder steps before installing video cameras.
This story unraveled in 2019, when the Austrian Data Protection Authority launched an investigation against the Austrian national postal service. The investigation sought to determine whether the Austrian post collected personal data to offer marketing services to various third parties. In 2019, the Austrian Data Protection Authority issued a fine of €18 million, which was overruled in 2020. Nonetheless, in 2021 the Austrian Data Protection Authority imposed a fine of €9.5 million.
From 2018 to 2019, the Spanish Data Protection Authority received 191 complaints concerning telephone calls and text messages sent to people who had opposed the processing of their data for advertising. Moreover, the Spanish Data Protection Authority also detected an international data transfer to a third country, which also conducted advertising actions. This resulted in a €8.15 million fine.
These fines are just the tip of the iceberg of all the fines imposed in 2021. Unsure about whether your company is GDPR compliant and want to know more? Take a look at our solutions, or feel free to contact us and become a master in privacy.
Audittrail is an audit and advisory organisation in the field of security, privacy and GRC. Audittrail supports organisations with setting up awareness programs and offers organisations insight into the awareness level of their employees. Are you interested in how your organisation responds to a phishing email, or do you have questions about this article? Let us know via email@example.com or on +31 71 747 17 17.