Cada medida de aplicación aquí listada procede directamente de comunicados de prensa oficiales de las autoridades de protección de datos de la UE/EEE. Los importes reflejan la decisión final emitida.
| Importe | Empresa | Autoridad | Año | Infracción | Fuente |
|---|---|---|---|---|---|
| €1.2B | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2023 | Unlawful transfer of EU/EEA user data to the US | fuente ↗ |
| €746M | Amazon | CNPD (Luxembourg) | 2021 | Behavioral advertising processed without valid consent or legal basis | fuente ↗ |
| €530M | TikTok | Irish DPC | 2025 | Unlawful transfers of EEA user data to China without adequate safeguards | fuente ↗ |
| €405M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2022 | Children's data processing violations on Instagram | fuente ↗ |
| €390M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2023 | Unlawful legal basis for behavioural advertising on Facebook and Instagram | fuente ↗ |
| €345M | TikTok | Irish DPC | 2023 | Children's data processed with unlawful defaults, dark patterns, and inadequate age verification | fuente ↗ |
| €325M | CNIL (France) | 2025 | Gmail ads and cookies placed without valid user consent during account creation (ePrivacy) | fuente ↗ | |
| €310M | Irish DPC | 2024 | Unlawful processing of member data for behavioural analysis and targeted advertising | fuente ↗ | |
| €290M | Uber | Dutch DPA (AP) | 2024 | Unlawful transfers of EU drivers' personal data to the US without safeguards | fuente ↗ |
| €265M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2022 | Data scraping incident — privacy by design failures | fuente ↗ |
| €251M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2024 | 'View As' data breach — privacy by design and breach notification failures | fuente ↗ |
| €225M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2021 | Transparency failures (WhatsApp) | fuente ↗ |
| €150M | CNIL (France) | 2022 | Refusing cookies on google.fr/youtube.com required more steps than accepting them (ePrivacy) | fuente ↗ | |
| €91M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2024 | User passwords stored in plaintext — breach notification failure | fuente ↗ |
| €60M | Microsoft | French DPA (CNIL) | 2022 | Cookie consent on Bing — users couldn't refuse as easily as accepting (ePrivacy) | fuente ↗ |
| €50M | CNIL (France) | 2019 | Insufficient transparency and invalid consent for ad personalisation during Android account setup | fuente ↗ | |
| €20M | Clearview AI | Garante (Italy) | 2022 | Unlawful scraping and processing of biometric facial recognition data without consent or legal basis | fuente ↗ |
| €20M | Clearview AI | CNIL (France) | 2022 | Unlawful processing of biometric data scraped from the internet without legal basis or transparency | fuente ↗ |
| €17M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2022 | Accountability failures across 12 data breaches | fuente ↗ |
| €10M | AEPD (Spain) | 2022 | Unlawfully shared right-to-erasure request data with Lumen Project and obstructed deletion | fuente ↗ | |
| €10M | Uber | Dutch DPA (AP) | 2023 | Inadequate transparency on data retention, transfers, and access rights for drivers | fuente ↗ |
| ~€5M | Spotify | Swedish IMY | 2023 | Failed to clearly inform users about what data access requests would return | fuente ↗ |
| €4.75M | Netflix | Dutch DPA (AP) | 2024 | Opaque privacy statement and inadequate responses to data access requests | fuente ↗ |
| ~€4.5M | IMY (Sweden) | 2020 | Failed to delist ordered search results and exposed requesters by notifying webmasters | fuente ↗ | |
| €2.5M | Deliveroo | Italian DPA (Garante) | 2021 | Opaque algorithmic rider management and excess data collection | fuente ↗ |
| €750K | TikTok | Dutch DPA (AP) | 2021 | Privacy notice provided only in English, not understandable to Dutch child users | fuente ↗ |
| €475K | Booking.com | Dutch DPA (AP) | 2020 | Reported a 4,109-person data breach 22 days late | fuente ↗ |
| €450K | X (Twitter) | Irish DPC | 2022 | Failed to notify DPC of a data breach within 72 hours and inadequately documented it | fuente ↗ |
Utilice nuestras plantillas gratuitas para ejercer sus derechos del RGPD — descubra qué datos tienen sobre usted o solicite su eliminación.
Ver plantillas de solicitud RGPD por empresa →