ARTICLE
19 October 2023

GDPR Enforcement: September 2023

SJ
Steptoe LLP

Contributor

In more than 100 years of practice, Steptoe has earned an international reputation for vigorous representation of clients before governmental agencies, successful advocacy in litigation and arbitration, and creative and practical advice in structuring business transactions. Steptoe has more than 500 lawyers and professional staff across the US, Europe and Asia.
Top 3 Most Active Regulators by Volume of Fines 1. Agencia Española de Protección de Datos (Spain) 2. Croatian Personal Data Protection Agency (Croatia)...
United States Privacy
To print this article, all you need is to be registered or login on Mondaq.com.

Fines September 2023

1379140a.jpg

Top 3 Most Active Regulators by Volume of Fines

1. Agencia Española de Protección de Datos (Spain)

2. Croatian Personal Data Protection Agency (Croatia)

3. Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Persona (Romania)

Fines September 2023

1379140b.jpg

Top 3 Most Active Regulators by Value of Fines

1. Data Protection Commission (Ireland)

2. The Information Commissioners Office (UK)

3. Agencia Española de Protección de Datos (Spain)

Fines YTD September 2023

1379140c.jpg

Top 3 Most Active Regulators by Volume of Fines

1. Agencia Española de Protección de Datos (Spain)

2. Garante per la protezione dei dati personali (Italy)

3. Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (Romania)

Fines YTD September 2023

1379140d.jpg

Top 3 Most Active Regulators by Value of Fines

1. Data Protection Commission (Ireland)

2. Commission Nationale de l'Informatique et des Libertés – CNIL (France)

3. The Information Commissioners Office (UK)

Top Fine

  • The Irish Data Protection Commissioner ("DPC") sanctioned a social media platform for insufficient protection of child users.
  • In particular, the DPC found that the social platform's privacy settings, age verification process and transparency measures relating to child users were not aligned with GDPR.
  • The DPC thus issued:
    • A reprimand;
    • An order requiring to bring the processing into compliance within three months; and
    • An administrative fine of €345 million.

Key Takeaways

  • European Data Protection Authorities remain very stringent regarding failure to implement technical and organizational measures and resulting personal data breaches.
  • Despite the existence of GDPR violations, the Belgian Data Protection Authority dismissed a complaint on the grounds that the breaches did not result in a major social and/or personal impact; hence the resources required to investigate the complaint would be disproportionate.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More