Alle hier aufgeführten Durchsetzungsmaßnahmen stammen direkt aus offiziellen Pressemitteilungen der EU/EWR-Datenschutzbehörden. Die Beträge entsprechen der endgültig verhängten Entscheidung.
| Betrag | Unternehmen | Behörde | Jahr | Verstoß | Quelle |
|---|---|---|---|---|---|
| €1.2B | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2023 | Unlawful transfer of EU/EEA user data to the US | Quelle ↗ |
| €746M | Amazon | CNPD (Luxembourg) | 2021 | Behavioral advertising processed without valid consent or legal basis | Quelle ↗ |
| €530M | TikTok | Irish DPC | 2025 | Unlawful transfers of EEA user data to China without adequate safeguards | Quelle ↗ |
| €405M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2022 | Children's data processing violations on Instagram | Quelle ↗ |
| €390M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2023 | Unlawful legal basis for behavioural advertising on Facebook and Instagram | Quelle ↗ |
| €345M | TikTok | Irish DPC | 2023 | Children's data processed with unlawful defaults, dark patterns, and inadequate age verification | Quelle ↗ |
| €325M | CNIL (France) | 2025 | Gmail ads and cookies placed without valid user consent during account creation (ePrivacy) | Quelle ↗ | |
| €310M | Irish DPC | 2024 | Unlawful processing of member data for behavioural analysis and targeted advertising | Quelle ↗ | |
| €290M | Uber | Dutch DPA (AP) | 2024 | Unlawful transfers of EU drivers' personal data to the US without safeguards | Quelle ↗ |
| €265M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2022 | Data scraping incident — privacy by design failures | Quelle ↗ |
| €251M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2024 | 'View As' data breach — privacy by design and breach notification failures | Quelle ↗ |
| €225M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2021 | Transparency failures (WhatsApp) | Quelle ↗ |
| €150M | CNIL (France) | 2022 | Refusing cookies on google.fr/youtube.com required more steps than accepting them (ePrivacy) | Quelle ↗ | |
| €91M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2024 | User passwords stored in plaintext — breach notification failure | Quelle ↗ |
| €60M | Microsoft | French DPA (CNIL) | 2022 | Cookie consent on Bing — users couldn't refuse as easily as accepting (ePrivacy) | Quelle ↗ |
| €50M | CNIL (France) | 2019 | Insufficient transparency and invalid consent for ad personalisation during Android account setup | Quelle ↗ | |
| €20M | Clearview AI | Garante (Italy) | 2022 | Unlawful scraping and processing of biometric facial recognition data without consent or legal basis | Quelle ↗ |
| €20M | Clearview AI | CNIL (France) | 2022 | Unlawful processing of biometric data scraped from the internet without legal basis or transparency | Quelle ↗ |
| €17M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2022 | Accountability failures across 12 data breaches | Quelle ↗ |
| €10M | AEPD (Spain) | 2022 | Unlawfully shared right-to-erasure request data with Lumen Project and obstructed deletion | Quelle ↗ | |
| €10M | Uber | Dutch DPA (AP) | 2023 | Inadequate transparency on data retention, transfers, and access rights for drivers | Quelle ↗ |
| ~€5M | Spotify | Swedish IMY | 2023 | Failed to clearly inform users about what data access requests would return | Quelle ↗ |
| €4.75M | Netflix | Dutch DPA (AP) | 2024 | Opaque privacy statement and inadequate responses to data access requests | Quelle ↗ |
| ~€4.5M | IMY (Sweden) | 2020 | Failed to delist ordered search results and exposed requesters by notifying webmasters | Quelle ↗ | |
| €2.5M | Deliveroo | Italian DPA (Garante) | 2021 | Opaque algorithmic rider management and excess data collection | Quelle ↗ |
| €750K | TikTok | Dutch DPA (AP) | 2021 | Privacy notice provided only in English, not understandable to Dutch child users | Quelle ↗ |
| €475K | Booking.com | Dutch DPA (AP) | 2020 | Reported a 4,109-person data breach 22 days late | Quelle ↗ |
| €450K | X (Twitter) | Irish DPC | 2022 | Failed to notify DPC of a data breach within 72 hours and inadequately documented it | Quelle ↗ |
Nutzen Sie unsere kostenlosen Vorlagen, um Ihre DSGVO-Rechte auszuüben — erfahren Sie, was diese Unternehmen über Sie speichern, oder beantragen Sie die Löschung.
DSGVO-Vorlagen für Unternehmen durchsuchen →