Ireland levied more than half of Europe’s privacy fines in 2024
The Irish Data Protection Commission (DPC) was responsible for enforcing more than half of the €1.2 billion in European data fines in 2024.
The latest GDPR Fines and Data Breach Survey from legal firm DLA Piper shows that the biggest fines imposed by the DPC last year included a €310m penalty against LinkedIn and €251m fine against Meta.
The research shows that Ireland remains the biggest GDPR enforcer, issuing €3.5 billion in fines since the law came into force in May 2018.
That is more than four times the value of fines issued by the second place Luxembourg Data Protection Authority which has issued €746.38m in fines over the same period.
The total fines reported since the application of GDPR in 2018 now stand at €5.88 billion.
The largest fine ever imposed under the GDPR remains the €1.2 billion penalty issued by the Irish DPC against Meta in 2023.
The 2024 total of €1.2 billion in fines is a 33% decrease compared to the aggregate fines imposed in the previous year, bucking the seven-year trend of increasing enforcement.
According to DLA Piper, this does not represent a shift in focus from personal data enforcement, rather the reduction is almost entirely due to the record-breaking €1.2 billion fine against Meta falling in 2023.
There was no record breaking fine in 2024.
Big tech companies and social media giants continued to be the primary targets for fines, but 2024 also saw the expansion of enforcement into other sectors, including financial services and energy.
For example, the Spanish Data Protection Authority issued two fines totalling €6.2m against a large bank for inadequate security measures, and the Italian Data Protection Authority fined a utility provider €5m for using outdated customer data.
The average number of breach notifications per day increased slightly to 363 from 335 the previous year.
“The headline figures in this year’s survey have, for the first time ever, not broken any records so you may be forgiven for assuming a cooling of interest and enforcement by Europe’s data regulators,” said John Magee, Partner and Global Co-Chair Data, Privacy and Cybersecurity Group at DLA Piper.
“This couldn’t be further from the truth,” he stated.
“From growing enforcement in sectors away from big tech and social media, to the use of the GDPR as an incumbent guardrail for AI enforcement as AI specific regulation falls into place, and supervisory authorities looking to impose personal liability on company directors, GDPR enforcement remains a dynamic and evolving arena with Ireland’s DPC remaining at the forefront as Europe’s leading data regulator,” Mr Magee said.
Article Source – Ireland levied more than half of Europe’s privacy fines in 2024 – survey – RTE
