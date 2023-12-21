Top 3 Most Active Regulators by Volume of Fines
1. Agencia Española de Protección de Datos (Spain)
2. Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Persona (Romania)
3. The Information Commissioners Office (UK)
Top 3 Most Active Regulators by Value of Fines
1. Datatilsynet (Norway)
2. Agencia Española de Protección de Datos (Spain)
3. The Information Commissioners Office (UK)
Top Fine
- The Norwegian DPA, Datatilsynet, issued a fine of approx. €1.7 million against the Norwegian Labour and Welfare Administration (NAV).
- The main ground for this sanction relates to unsatisfactory "technical and organisational" measures implemented by NAV.
- Datatilsynet is known to be a very stringent data protection authority and this case is a new demonstration that this data protection authority is not more lenient towards public authorities.
- It must be noted that NAV was already sanctioned in 2022 for lack of legal basis, which may explain the high-level value of this new fine.
- The NAV will have an opportunity to comment on the allegations and potentially have the proposed fine reduced.
Key Takeaways
- Thus far, November has been the quietest month in 2023 in terms of GDPR enforcement, with a limited volume and value of fines imposed.
- Lack of legal basis for sending marketing communications remains a key concern for European regulators, as illustrated by the fines imposed by the UK's DPA to three companies.
- The Spanish DPA, AEPD, remains by far the most active regulator and continues to impose fines limited in value.
