Unified Metrics Library - Convictions and fines for violation of user privacy
Helper question
Summary
Unit
Description
Companies found to be in breach of GDPR are fined according to the scope and type of their infringement. A supervisory authority in each EU country assesses the violation (e.g., shortcoming, data breach) to determine what type of penalty will be imposed. A tiered approach to fines is followed.
Regulatory Definition
"Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Sources
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), General conditions for imposing administrative fees, Article 83
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Article 4 (12)
Examples
The supervisory authority in Ireland issued Meta with a record-breaking €1.2 billion fine for transferring data collected from Facebook users in the EU/EEA to the US, violating GDPR international transfer guidelines, Article 46 (1).