EU Data-Breach Fines in 2020 Exceeded 170m Euros

European countries last year issued fines totalling 171.3 million euros (US$211 million) for violations of the EU’s framework for General Data Protection Regulation (GDPR).

GDPR fines totalled 171.3 million euros last year, over a third more than in 2019 (Credit: Dooffy, Creative Commons Licence)GDPR fines totalled 171.3 million euros last year, over a third more than in 2019 (Credit: Dooffy, Creative Commons Licence)The figures, outlined in a report published by research and news agency Finance in Bold on Tuesday, indicate that penalties imposed in the United Kingdom — which recently left the European Union — and Italy accounted for almost 60% of the overall amount.

Under the provisions of the regulation, government agencies are empowered to require businesses and public institutions to take sufficient steps to protect personal information from cyberattacks and other damaging types of data-compromise, and to impose financial penalties for failure to do so.

Last year’s fines represent an increase of more than a third on 2019, and include a 35 million euro ($43 million) fine against German retailer H&M, more than 27 million euros ($33 million) sought against Italian telecommunications operator TIM, and a penalty of 22 million euros ($27 million) imposed against British Airways.

Penalties sought by countries subject to GDPR are comparatively low when held against fines imposed for data breaches elsewhere.

In 2019, the U.S. Federal Trade Commission fined Facebook $5 billion over data failures relating to the Cambridge Analytica scandal, adding to previous actions brought against credit reporting agency Equifax ($700 million) in 2017 and ride-hailing app Uber ($150 million) in 2018.

Following the introduction of GDPR in 2018, the number of violations that have incurred penalties has continued to rise, suggesting that many companies and institutions could be doing more to protect sensitive information pertaining to those who use their services.

“Despite campaigns to have organizations enact better measures to protect consumer data, the violations recorded across the EU remain significant,” Finbold’s chief editor, Oliver Scott, said.

“It will be interesting to see if organizations will take up extra responsibility to prevent breaches in 2021,” he added.

Amid the novel coronavirus pandemic, an explosion in illegal activity online has been recorded by watchdogs and government institutions alike, with reports of an overall growth in internet-enabled criminality of more than 600% by the middle of last year.

Along with the increasing distribution of child pornography online, a boom in darknet drug sales and an open season on phishing scams, ransomware attacks and other data breaches have been reported against both public infrastructure and commercial entities.

These have included a sustained attack on the Czech healthcare system, a DDoS campaign against the Macedonian State Electoral Commission, and a possibly nine-month-long hack against federal authorities in the United States, suspected to have been conducted by criminal actors backed by Russia.