GDPR Fines Total €1.2bn in 2024
GDPR fines issued across Europe totaled €1.2bn ($1.26bn) in 2024, according to new figures published by law firm DLA Piper.
These figures represent a 33% decrease in GDPR fines issued by European regulators compared to 2023, when €2.9bn ($3.1bn) in penalties were handed out.
This is the first time a year-on-year fall in fines has been observed since the GDPR came into effect in May 2018.
The relative reduction in 2024 compared to 2023 is almost entirely the result of the record-breaking €1.2bn fine against Meta in May 2023. This fine related to the firm’s transfer of personal data to the US on the basis of standard contractual clauses (SCCs).
Therefore, DLA Piper emphasized that the 2024 figures do not represent a shift in focus from personal data enforcement in the EU.
Ross McKean, Partner and Chair of DLA Piper’s UK Data Protection and Cyber Practice, commented: “The headline figures in this year’s survey have, for the first time ever, not broken any records so you may be forgiven for assuming a cooling of interest and enforcement by Europe’s data regulators. This couldn’t be further from the truth.”
The Irish Data Protection Commission (DPC) remains the largest enforcer in Europe. The regulator has issued a total of €3.5bn ($3.7bn) in fines since May 2018, more than four times the value of fines issued by the next highest regulator, the Luxembourg Data Protection Authority.
The total value of fines reported since the application of GDPR in 2018 now stands at €5.88bn ($6.17bn), according to DLA Piper figures.
Biggest GDPR Fines in 2024
Big tech and social media firms continued to be the biggest targets for large fines under GDPR in 2024. The top three fines over the year were:
DLA Piper also highlighted that enforcement in 2024 expanded notably in other sectors, such as financial services and energy. This includes the Spanish Data Protection Authority issuing two fines totaling €6.2m ($6.5m) against CaixaBank for inadequate security measures.
The average number of breach notifications in 2024 increased slightly to 363 from 335 in 2023.
A Pivot to Personal Liability
Another trend highlighted in the research was the significant shift in focus by European regulators to personal liability.
DLA Piper noted that a number of enforcement decisions cited failures in organizational governance and oversight that caused data privacy violations.
In a prominent example, the Dutch Data Protection Commission announced it was investigating whether it can hold the directors of Clearview AI personally liable for numerous breaches of the GDPR, following a €30.5m ($32.03m) fine against the firm.
McKean added: “For me, I will mostly remember 2024 as the year that GDPR enforcement got personal. As the Dutch DPA champions personal liability for the management of Clearview AI, 2025 may well be the year that regulators pivot more to naming and shaming and personal liability to drive data compliance.”