Fines of 410 million euros in just one year. This is the amount of the fines imposed in 2019 by the European privacy guarantors in the context of 190 proceedings.
The European Union with the Gdpr, the regulation on the processing of personal data and privacy approved in 2016 and became operational in May last year, it decided to operate in a compact manner by establishing common lines of conduct, but also very high penalties for those who violate them. Just think that the fines can reach up to 20 million euros or up to 4% of the offenders' global annual turnover.
According to the data contained in thelatest statistical report of the Federprivacy Observatory "Privacy sanctions in Europe 2019", the breakthrough in privacy seems to have arrived quickly. The report is the result of an analysis carried out at the institutional sources of the thirty countries of the European Economic Area and shows how the UK alone imposed fines of €312 million, 76% of the overall total.
Among the most active authorities are the Romanian one, in third place with 20 sanctions imposed, the Spanish one, second with 28, and the Italian one, which is in first place with 30 sanctions issued in 2019 for a total of 4,341 million euros.
Our national record becomes even more important if one considers that for over six months the Privacy Guarantor has been waiting for the policy to move to renew the board that expired on 19 June 2019 and operates under a prorogatio regime with powers limited to the management of business of ordinary administration and those that cannot be postponed and urgent.
Faced with these virtuous examples, the report highlights that there are supervisory authorities who are still waiting to impose the first sanctions with the EU Regulation, such as those of Ireland and Luxembourg. Countries where the over the top are based in Europe, i.e. Facebook, Amazon, Google, etc.
Not by chance, Nicola Bernardi, president of Federprivacy, comments: «The GDPR has laid the foundations for a more homogeneous legislation on the protection of personal data within the EU, and the new sanctioning regime is also an effective deterrent tool in the fight against violations. However, the report seems to highlight a phenomenon of double-speed enforcement authorities, with the English one having already heavily fined British Airways and Marriot, while its Irish counterpart, although it is the competent lead authority for several tech giants, has not imposed still no fines. We therefore hope that the "one stop shop" mechanism does not end up favoring companies such as Facebook, Twitter, Amazon and Google in a distorted way, and that the results of the 19 investigations that appear to have been launched in Ireland will soon be known.
