1. Raw Data Source: Enforcement Tracker
Top violators with fines over EUR 5 Million
linkedin.com/shefalipathak
Total fines paid: EUR 50,600,028
Largest fine: EUR 50,000,000
Smallest fine: EUR 28
For failing to
acknowledge how user
data is processed
(especially with regards
to ad peronalization)
“Data subject” or individual user asked
Google Adwords for the information the
company had about them (Right of Access)
and Google replied that they didn’t know who
in the company could give them the required
information.
2. Raw Data Source: Enforcement Tracker
Top violators with fines over EUR 5 Million
linkedin.com/shefalipathak
Total fines paid: EUR 35,258,708
Single instance
“Illegal surveillance of
employees in Germany”: Collecting excessive data about
employees that violated their individual rights as “data subjects”
EUR 27,800,000 - Total fines paid
Single instance
Running aggressive promotional campaign without consent and
including individuals on “do not call” public registry, not providing
individuals right to access their data and excessive data retention
3. Raw Data Source: Enforcement Tracker
Top violators with fines over EUR 5 Million
linkedin.com/shefalipathak
Total fines paid: EUR 35,258,708 For both companies this was an
instance of failure of data
security, as a result of which
when the company underwent a
cyber attack it compromised
personal and payment
information of customers
Total fines paid: EUR 20,450,000
4. Raw Data Source: Enforcement Tracker
Top violators with fines over EUR 5 Million
linkedin.com/shefalipathak
Violator ~ Total Fines (EUR) # of Fines Reasons
EUR 22,000,000 43
Largest fine: Aggressive telemarketing; data
security failures
EUR 16,000,000 1
Unlawful direct marketing, failure to seek explicit
consent
EUR 11,000,000 2
Illegal processing of data to make marketing
calls; did not make provisions to verify customers
who had opted-out of marketing services
EUR 10,000,000 1
Keeping employees under constant video
surveillance
EUR 6,000,000 2
“Illicit transfer” or personal data to group
companies (in absence of clear and explicit
consent)
EUR 5,000,000 4
Failed to explain “what and why” to customers
and sent promotional messages without explicit
consent