Unified Metrics Library - Convictions and fines for violation of user privacy

Helper question

How many legal proceedings associated with user privacy has the company been involved in, during the period?


The objective of this indicator is to understand the amount that the data breaches resulted in convictions and fines related to violation of user privacy.


Legal proceedings


Companies found to be in breach of GDPR are fined according to the scope and type of their infringement. A supervisory authority based on each EU country assesses the violation (e.g., shortcoming, data breach) to determine what type of penalty will be imposed. A tiered approach to fine is followed.

Regulatory Definition

"Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.



The supervisory authority in Ireland Meta with a record-breaking €1.2 billion fine for transferring data collected from Facebook users in the EU/EEA to the US, violating GDPR international transfer guidelines, Article 46 (1).