Data from Atlas VPN shows that, as of December 2022, companies had to pay a total of €2.83 billion in 1401 cases for breaking different data protection laws. This includes GDPR fines, which totaled €832 million in 2022. That’s 36% less than the €1.3 billion paid in 2021.
Even though the amount of money fined was lower last year, the charges were more severe for a single company, Meta. The largest sum charged for violations was recorded in Q3 of 2021, but Q3 of 2022 was also significant because businesses were penalized €430 million.
Meta repeatedly fined hundreds of millions
Distinctively, most of the penalties in 2022 were paid by Meta. The Data Protection Commission (DPC), which is an authority for GDPR enforcement in Ireland, imposed a €405 million fine for Meta Platforms Ireland Limited (Instagram) on September 5th, 2022.
Two issues were found with the processing of personal data pertaining to child users of Instagram.
The email addresses and phone numbers of children were publicly exposed when using the Instagram business account function, and the Instagram profiles of kids were public-by-default.
Meta was also imposed a hefty sum of €265 million on November 25th, 2022, when the DPC declared that Meta had violated two articles of the EU’s data protection laws after details of Facebook users from around the world were scraped from public profiles in 2018 and 2019.
The DPC also issued a “reprimand and an order” according to which Meta will have to “bring its processing into compliance by executing a range of specified remedial activities within a specific deadline”.
Meta has paid around €1 billion for GDPR violations to date.
Since May 25th, 2018, Europe’s new framework for data protection has affected many businesses operating within the EU.
Read more here.
Read next: YouTube removed 5.8 million channels in Q3 2022, the highest till date