EU watchdogs ramp up privacy powers with bigger fines

LUXEMBOURG: European Union privacy regulators are gearing up to make full use of expanded powers under new data protection rules, according to a report that found €114 million in fines have been levied so far for data violations, with even higher penalties expected.

Regulators in France, Germany and Austria levied the biggest fines so far, while the Netherlands, Germany and the UK topped the list for the number of data breaches notified to their authorities, the survey by law firm DLA Piper found.

France’s data protection commission, the CNIL, last January slapped Google with a €50 million fine over transparency, information and consent failures.

The French fine was the biggest issued so far since the EU’s General Data Protection Regulation, GDPR, took effect in May 2018.

Regulators for the first time got the powers to fine companies as much as 4% of global annual sales for serious violations.

The UK watchdog, the Information Commissioner’s Office, already announced its intention to fine British Airways £183.4 million over computer attacks that exposed customer data, and Marriott International Inc £99 million over a cyber-attack.

“The total amount of fines of €114 million imposed to date is relatively low compared to the potential maximum fines that can be imposed under GDPR, indicating that we are still in the early days of enforcement,” Ross McKean, a partner at DLA Piper specialising in cyber and data protection, said in a statement.

“We expect to see momentum build with more multi-million euro fines being imposed over the coming year as regulators ramp up their enforcement activity.”