As global attention on consumer data privacy intensifies, enforcement of existing data privacy regulations has become more rigorous.
This article highlights five significant data privacy fines imposed globally and their implications for companies, particularly in the advertising sector.
- Didi Global – $1.19 Billion (2022): The Chinese ride-hailing company, Didi Global, faced a record-breaking fine of $1.19 billion imposed by China’s Cyberspace Administration. The penalty was levied for violations of several Chinese data laws, following a comprehensive investigation into the company’s practices.
- Amazon – $877 Million (2021): Amazon Europe received a fine of $877 million from European regulators for GDPR non-compliance and data processing issues. This fine, a significant enforcement of GDPR, reflects the increasing seriousness with which data protection violations are treated. The fine calculation for GDPR violations considers factors like the nature and duration of the violation, types of consumer data affected, and the company’s level of negligence.
- Google – $400 Million (2022): Google, a leading tech company, was fined $400 million by the US authorities for violations of children’s data privacy laws under the Children’s Online Privacy Protection Act (COPPA). This fine underscores the growing scrutiny of how companies handle sensitive data, especially children’s information.
- Equifax – $575 Million (2019): Credit bureau Equifax’s data breach in 2017 led to a fine of $575 million, potentially rising to $700 million, in a settlement with the US Federal Trade Commission and other agencies. The breach affected the personal information of approximately 150 million consumers.
- Sephora – $1.2 Million (2022): Sephora, a beauty retailer, faced a $1.2 million penalty under the California Consumer Privacy Act (CCPA) for data privacy violations. This case marks the first major enforcement action under the CCPA, signaling the stringent application of this privacy law.
These fines represent a broader trend of increased enforcement of data privacy regulations worldwide. Companies in the advertising industry and beyond are now compelled to reassess and potentially revise their data handling practices to comply with these evolving standards.