Privacy, in 2020 fines of € 307 million were imposed in the EEA

09:40, 27/04/2021


The health emergency from Covid-19 has not stopped the supervisory authorities for the protection of European personal data, which in the year just ended have inflicted over 307 million euros in penalties. To highlight it, is the “Statistical report 2020, privacy sanctions in Europe”Drawn up by the Federprivacy Observatory which analyzed the institutional sources of the 30 countries of the European Economic Area (EEA), noting a total of 341 sanctioning proceedings.

In the ranking of the most active authorities, the one that excelled was the Spanish one (AEPD) with as many as 133 penalties imposed at an average rate of almost a fine every three days for a total value of 8 million euros. In second place the Italian Privacy Guarantor with 35 administrative measures, while 26 were those of the Romanian authority (ANSPDCP).

However, the perspective changes if instead of counting the number of sanctions applied, their economic value is considered, with the French authority (CNIL) that with only 8 proceedings issued fines equal to almost half of the total (44.9%) for an amount of 138.3 million euros. Followed by Italy with 58,1 million euros, the United Kingdom with 45 million, and Germany with 37.3 million.

These are just some of the varied numbers that are pitted in the Federprivacy report, while what emerges clearly are the reasons that give rise to the sanctioning proceedings, as noted by Nicola Bernardi, president of the main Italian association of data protection professionals:

“In 59% of cases, the sanctions concern unlawful processing of personal data, such as those carried out in a way that is not transparent to the user or without his consent. Many companies claim to have a legitimate interest and superficially think that they are in compliance with the GDPR, but without a valid legal basis they increasingly slam under the ax of the authorities, especially when they receive multiple complaints from interested parties. The digital market is certainly an opportunity for companies – says Bernardi – but there is a need to develop greater sensitivity to privacy issues in order to operate in compliance with applicable legislation “.

In addition to violations due to unlawful processing, one time in five (20%) to cause fines are the inadequacy of security measures, which often emerge as a result of data breaches, failure to respect the rights of the data subject (9%) , and in 3.8 of the cases it is the privacy policy that is the cause of the infringement.

The sector most targeted for the number of sanctions is that of telecommunications with 69 proceedings, while in terms of economic value the most affected by far is that of the internet and e-commerce with 144.9 million euros in administrative fines. Followed by telecommunications with 62.4 million, and trade and production activities with 38.1 million.