GDPR buses reach nearly €100 million in first half of 2022

An analysis of Atlas VPN shows that GDPR fines total €97.29 million in the first half of 2022, an increase of 92 % compared to the first half of 2021. The data for the analysis comes from Enforcementtrackera platform that provides an overview of fines and penalties imposed by data protection authorities within the EU under the EU General Data Protection Regulation (GDPR). The overview and Atlas VPN's analysis show that companies and individuals were hit with a total of 50.6 million euros in GDPR fines in the first half of 2021. On the other hand, the number of court cases decreased slightly, from 215 in 2021 to 205 in 2022. In other words, even though the number of GDPR violations decreased slightly in 2022, the severity of these violations was significantly greater - and with it the amount of GDPR fines. The most striking difference between 2021 and 2022 can be observed in February, where the total amount of fines imposed differed by almost 28 million euros. The following trend is also striking: around 70 % of GDPR fines are imposed in the first quarter.

A few particularly blatant cases

Atlas VPN also refers to a few significant cases of GDPR fines that were issued in the first half of 2021 and 2022. In June 2021, for example, the Lower Saxony State Commissioner for Data Protection imposed a fine of 10.4 million euros on notebooksbilliger.de AG. The German company had monitored its employees by video for at least two years without a legal basis. The unauthorized cameras recorded workplaces, sales rooms, warehouses and common areas, among other things. The company countered that the surveillance was used to prevent and investigate criminal offenses and to track goods in warehouses. However, video surveillance is only lawful if there is reasonable suspicion against certain persons. If this is the case, it is permitted to monitor them with cameras for a certain period of time. In this case, however, the surveillance was not limited to specific employees or a specific period of time. In May 2022, the Information Commissioner's Office (ICO) fined Clearview AI Inc. £7,552,800 for using images of people in the UK and elsewhere, collected from the internet and social media, to build a global online database that could be used for facial recognition. Clearview AI Inc. has collected more than 20 billion images of human faces and data from publicly available information. The company has not informed anyone that its images have been collected or used in this way. Furthermore, the company actually monitors the behavior of these individuals and offers this as a commercial service.

GDPR buses as "wake-up calls

The General Data Protection Regulation was necessary because the old laws were written before the advent of new technologies like smartphones and tablets, which meant that users were not protected from companies misusing their personal data. The GDPR provides EU citizens with more clarity on how and why companies use their data. In addition, the GDPR significantly limited the data that companies can collect, allowing citizens to browse the internet and use services with much more privacy. In Switzerland, the new Data Protection Act (NDSG) will move in a similar direction. This is scheduled to come into force on September 1, 2023; Companies would do well to prepare for this already today.

This article originally appeared on m-q.ch - https://www.m-q.ch/de/dsgvo-bussen-erreichen-fast-100-millionen-euro-im-ersten-halbjahr-2022/