European countries have so far handed out 114 million euros in privacy fines, according to a survey by law firm DLA Piper. These are fines that have been handed out under the European GDPR privacy law, known in the Netherlands under the name General Data Protection Regulation (AVG), which entered into force in May 2018.
The highest fine was awarded in France and went to Google, which has to pay 50 million euros. The French privacy watchdog also imposed a fine on other organizations. The country is followed by Germany, where the privacy authority has imposed fines totaling 24.5 million euros.
In addition, Austria (18.1 million), Italy (11.6 million), Bulgaria (3.2 million) and Spain (1.4 million) have imposed fines of more than one million euros. In the Netherlands, the Dutch Data Protection Authority (AP) has imposed one fine for the time being. It went to the Haga Hospital in The Hague and amounted to 460,000 euros.
Under the predecessor of the AVG, the AP already had the right to issue fines - and did so once to Uber - but under the GDPR, the privacy authorities in all European countries have been given that authority. The fines can amount to 4 percent of the annual turnover of a company.
In addition to the financial penalties already imposed, British Airways has a fine of 183.4 million pounds (215.1 million euros). The Marriott hotel chain may also have to pay £ 99.2 million. The data of millions of customers from both companies was visible to hackers, after which the British privacy watchdog found that the organizations had not properly protected the data.