Ireland's Data Protection Commissioner (DPC) has decided to fine Facebook 265 million euros or $275 million for violating the General Data Protection Regulation (GDPR) by enabling the scraping of sensitive user data between May 2018 and September 2019. This fine marks the fourth for platforms owned by Facebook's parent company Meta. Even though it might seem like a considerable sum, it's not the most significant amount of money a company had to pay in the history of the GDPR.
As our chart shows, that questionable honor goes to Amazon, another member of GAFAM. In July of 2021, Luxembourg's data watchdog issued the European branch of the multi-billion dollar tech firm a fine of roughly $774 million in current prices for the "non-compliance with general data processing principles" according to the GDPR Enforcement Tracker by CMS Law. The fourth place on the list of highest fines goes to WhatsApp, followed by three counts of Google, Facebook, and Swedish fashion company H&M violating the GDPR.
The regulatory framework of the GDPR aims to give users more control over their data – and lays the groundwork for fining companies offering their services in the EU for breaching its articles. The GDPR was instated on May 25, 2018, as a replacement for the EU's Data Protection Directive from 1995 and contains 99 articles. So far, the GDPR Enforcement Tracker lists 1,507 individual breaches of the GDPR, although the data is most likely incomplete since not all fines are made public.