Fines May 2023
Top 3 Most Active Regulators by Volume of Fines
- Agencia Española de Protección de Datos (Spain)
- Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Persona (Romania)
- Garante per la protezione dei dati personali (Italy)
Fines May 2023
Top 3 Most Active Regulators by Value of Fines
- Data Protection Commission (Ireland)
- The Information Commissioners Office (UK)
- Commission Nationale de l'Informatique et des Libertés – CNIL (France)
Fines YTD May 2023
Top 3 Most Active Regulators by Volume of Fines
- Agencia Española de Protección de Datos (Spain)
- Garante per la protezione dei dati personali (Italy)
- Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (Romania)
Fines YTD May 2023
Top 3 Most Active Regulators by Value of Fines
- Data Protection Commission (Ireland)
- The Information Commissioners Office (UK)
- Úřad pro ochranu osobních údajů (Czech Republic)
Top Fine
- The Irish Data Protection Authority (DPA) determined that personal data transferred to the US under the updated Standard Contractual Clauses (SCCs) nevertheless breached the GDPR.
- The European Data Protection Board required the Irish DPA to impose a record fine of €1.2 billion.
- The decision is being appealed but is a reminder that organizations should not rely on SCCs alone when transferring EEA data to the US.
Key Takeaways
- When considering AI, ensure that it meets the 'privacy by design' principles. AI is the next large battleground for data privacy with Clearview AI and OpenAI / ChatGPT as high-profile examples.
- Regulators are active across almost all European jurisdictions demonstrating a need for broad compliance.
- While the largest fines are reserved for multi-nationals, the vast majority of GDPR fines are against comparatively small organizations and public authorities.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.