A new reporto by Federprivacy has analyzed official sources of information in the 30 countries that are part of the European Economic Area (EEA).
The Covid-19 emergency has not stopped the data protection authorities in Europe that during 2020 have imposed more than € 307.000.000 of fines, according a new report by Federprivacy that has analyzed official sources of information in the 30 countries that are part of the European Economic Area (EEA), and it has underscored 341 sanctions.
In the list, the Spanish authority (AEPD) has been the strictest one imposing 133 sanctions, an average of 1 fine every 3 days, for a global amount of € 8,000,000. Then the Italian data protection authority with 35 fines, and the Romanian authority (ANSPDCP) with 26 sanctions.
There is a different perspective if we consider the economic value of the sanctions instead of their number. The French authority (CNIL) with only 8 administrative actions was able to impose almost half of the total of the fines (44%) with an amount of €138,300,000. Following it, the Italian authority with €58,100,000, UK with €45,000,000 and Germany with €37,300,000.
These are only some of the different figures that are itemized in the Federprivacy report. However, the motivations that caused the sanctions are outstanding, according to Mr. Nicola Bernardi, chairman of the most important Italian professional data protection association:
“In 59% of the cases, the sanctions are about illicit processing of personal data, like the lack of transparency toward the user or his lack of consent. Many companies claim to have a legitimate interest or they think to comply with the GDPR, but since they have no legal basis, they often are undergoing the heavy punishment of the authority, especially if there are many complaints from the users. The digital market is an opportunity, but we need to develop more sensitivity about the issue of data protection,” says Mr. Bernardi.
Besides illicit processing of personal data, in 20% of cases (1 in 5) lack of safety (often underscored by data breaches), no respect for the users rights (9%) and privacy policies (3.8%) are the causes of the infringements.
Telecommunications has been the most targeted sector with highest number of sanctions (69), while internet and e-commerce has been the sector that had to pay more economically (€144,900,000 in fines). Telecommunications has been the second in this list with €62,400,000, and business the third with €38,100,000.