European regulators have imposed 114 million euros ($126 million) in fines for data breaches since tougher privacy rules came into force in mid-2018, with approaches varying widely from country to country.
A report by law firm DLA Piper said France has imposed the biggest single fine – of 50 million euros against Google – while the Netherlands, Britain and Germany led in terms of the number of data breach notifications.
The General Data Protection Regulation was introduced in an effort to safeguard sensitive personal information and prescribes stiff penalties if companies lose control of data or process it without proper consent.
It is enforced by a patchwork of national data protection offices across the 28-member European Union, with responsibility falling disproportionately on Ireland – the ‘lead’ regulator for Silicon Valley giants that have based their European operations there, such as Facebook .
The fines to date pale in comparison to multibillion-euro penalties imposed in EU anti-trust cases, but they are likely to rise over time as appeals and litigation subject the sanctions to scrutiny and create legal precedents.