The 10 largest GDPR fines on Big Tech

Topics

late

AI

Amazon

Image Credits:Peter Linke(opens in a new window)/Flickr(opens in a new window)under aPublic Domain(opens in a new window)license.

Apps

Biotech & Health

mood

Image Credits:Peter Linke(opens in a new window)/Flickr(opens in a new window)under aPublic Domain(opens in a new window)license.

Cloud Computing

Commerce Department

Crypto

Enterprise

EVs

Fintech

fundraise

gadget

bet on

Google

Government & Policy

computer hardware

Instagram

layoff

Media & Entertainment

Meta

Microsoft

Privacy

Robotics

Security

Social

Space

Startups

TikTok

fare

speculation

More from TechCrunch

Events

Startup Battlefield

StrictlyVC

Podcasts

Videos

Partner Content

TechCrunch Brand Studio

Crunchboard

Contact Us

The state of enforcement of the European Union ’s flagship privateness regime , the General Data Protection Regulation ( GDPR ) , on the most sinewy tech giant remains a topic of on-going debate . Below we ’ve compiled a list of the 10 largest GDPR fines impose on Big Tech since the regulation started to apply back in May 2018 .

Meta , the owner of Facebook , Instagram and WhatsApp , tops the inclination , both for receiving the single biggest mulct to appointment ( € 1.2 billion or around $ 1.31 billion at current telephone exchange rates)andbecause it accounts for a absolute majority of these largest penalty ( six or more , depending on whether you count per program ) .

Please note this lean only includes major penalties write out to tech business firm under the GDPR . In late geezerhood , somesignificant sanctionshave also been issued on Big Tech via the bloc ’s older ePrivacy Directive , but you wo n’t observe those listed here .

Penalties issued to tech firms under GDPR

1.Meta(Facebook ): break water € 1.2 billion ( ~$1.31 billion ) inMay 2023by the Irish Data Protection Commission ( DPC ) for violating the regulation on transferring Facebook users ’ personal data out of the European Union .

2.Amazon : Fined € 746 million ( ~$815 million ) inJuly 2021by Luxembourg ’s National Commission for Data Protection ( CNPD ) following complaints that its use of personal data for advert targeting was not base on consent .

3.Meta ( Instagram ): break water € 405 million ( ~$443 million )   inSeptember 2021by Ireland ’s DPC for failings in its handling of minors ’ data .

Join us at TechCrunch Sessions: AI

Exhibit at TechCrunch Sessions: AI

5.ByteDance ( TikTok ): fin € 345 million ( ~$377 million )   inSeptember 2023by Ireland ’s DPC for failings in its manipulation of minors ’ data .

6.LinkedIn(Microsoft ): fine € 310 million ( ~$335 million ) inOctober 2024by Ireland ’s DPC for lawfulness , comeliness and transparency fail in relation to its behavioral ads commercial enterprise .

7.Uber : Fined € 290 million ( ~$324 million ) inAugust 2024by the Netherlands Autoriteit Persoonsgegevens ( AP ) for transferring number one wood data to the US without equal safeguard .

8.Meta ( Facebook and Instagram ): fine € 265 million ( ~$290 million )   inNovember 2022by Ireland ’s DPC for breaches of information aegis by default and design after certain platform features , including physical contact importer and search puppet , made the personal data of C of millions of exploiter discoverable to all other users .

9.Meta ( Facebook):Fined € 251 million ( ~$263 million ) inDecember 2024by Ireland ’s DPC in intercourse to a 2018 security incident which exposed the personal data of some three million local users .

10.Meta ( WhatsApp ): Fined € 225 million ( ~$246 million ) inSeptember 2021by Ireland ’s DPC for break GDPR transparentness certificate of indebtedness and go to make it clear to users how it swear out their data point .

Not strictly Big Tech but worth a mention

Adtech giantCriteowas issued with a preliminary fine of € 60 million ( ~$65 million )   inAugust 2022by France ’s CNIL for a cooking stove of GDPR breaches . But inJune 2023 , the level of punishment was lose weight to € 40 million ( ~$44 million ) after the adtech giant made theatrical . The enforcement trace complaints that Criteo did not have users ’ consent for tracking and profiling them for ad targeting .

Another bonus mention : U.S.-based AI startupClearview AIwasfined just over € 30M(close to $ 32 MB ) by the Netherlands ’ information protection federal agency in September 2024 . In 2022 it was also fin the maximum possible ( € 20 M or around $ 22 M , based on its revenue at that time ) a full three time by DPAs inItaly , GreeceandFrance . TheU.K. ’s ICOalso gain it with a smaller sanction , so the controversial startup ’s activity have drawn a lot of GDPR enforcement . All these fines are for illicit data processing ; transparency breaches ; and information access right violations seize to its tactics of scraping selfies off the internet to train a facial - recognition ID - twin AI shaft .