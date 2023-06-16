Fines May 2023

Top 3 Most Active Regulators by Volume of Fines

  1. Agencia Española de Protección de Datos (Spain)
  2. Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Persona (Romania)
  3. Garante per la protezione dei dati personali (Italy)

Top 3 Most Active Regulators by Value of Fines

  1. Data Protection Commission (Ireland)
  2. The Information Commissioners Office (UK)
  3. Commission Nationale de l'Informatique et des Libertés – CNIL (France)

Top 3 Most Active Regulators by Volume of Fines

  1. Agencia Española de Protección de Datos (Spain)
  2. Garante per la protezione dei dati personali (Italy)
  3. Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (Romania)

Top 3 Most Active Regulators by Value of Fines

  1. Data Protection Commission (Ireland)
  2. The Information Commissioners Office (UK)
  3. Úřad pro ochranu osobních údajů (Czech Republic)

Top Fine

  • The Irish Data Protection Authority (DPA) determined that personal data transferred to the US under the updated Standard Contractual Clauses (SCCs) nevertheless breached the GDPR. 
  • The European Data Protection Board required the Irish DPA to impose a record fine of €1.2 billion.
  • The decision is being appealed but is a reminder that organizations should not rely on SCCs alone when transferring EEA data to the US.

Key Takeaways

  • When considering AI, ensure that it meets the 'privacy by design' principles. AI is the next large battleground for data privacy with Clearview AI and OpenAI / ChatGPT as high-profile examples.
  • Regulators are active across almost all European jurisdictions demonstrating a need for broad compliance.
  • While the largest fines are reserved for multi-nationals, the vast majority of GDPR fines are against comparatively small organizations and public authorities.

