In 2023, approximately €1.6 billion in fines have been imposed so far due to violations of the General Data Protection Regulation (GDPR), according to data from enforcementtracker.com. This means that even in the first five months, more fines were incurred than in 2019, 2020 and 2021 combined. The main reason for this is a new record fine of €1.2 billion for Facebook parent company Meta, which is related to the unlawful transfer of data to the U.S. under the social media platform's standard contractual clauses, according to the GDPR. Meta announced shortly after the announcement that it would challenge the fine order.
As our chart shows, the average amount of DSGVO fines has increased significantly since 2019, even after factoring out the current meta fine. In 2023, for example, an average of €2.8 million was incurred per violation, up from around €500,000 in 2019. It remains unclear whether the actual number of violations this year will reach the highs of 2021. In the past three years, Meta, Amazon and Google in particular attracted particular attention due to especially high fines; the highest fine until most recently, amounting to €746 million, was imposed on Jeff Bezos' e-commerce giant in 2021.