Chaque mesure d’application répertoriée ici est issue directement des communiqués de presse officiels des autorités de protection des données de l’UE/EEE. Les montants reflètent la décision finale rendue.
| Montant | Entreprise | Autorité | Année | Infraction | Source |
|---|---|---|---|---|---|
| €1.2B | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2023 | Unlawful transfer of EU/EEA user data to the US | source ↗ |
| €746M | Amazon | CNPD (Luxembourg) | 2021 | Behavioral advertising processed without valid consent or legal basis | source ↗ |
| €530M | TikTok | Irish DPC | 2025 | Unlawful transfers of EEA user data to China without adequate safeguards | source ↗ |
| €405M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2022 | Children's data processing violations on Instagram | source ↗ |
| €390M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2023 | Unlawful legal basis for behavioural advertising on Facebook and Instagram | source ↗ |
| €345M | TikTok | Irish DPC | 2023 | Children's data processed with unlawful defaults, dark patterns, and inadequate age verification | source ↗ |
| €325M | CNIL (France) | 2025 | Gmail ads and cookies placed without valid user consent during account creation (ePrivacy) | source ↗ | |
| €310M | Irish DPC | 2024 | Unlawful processing of member data for behavioural analysis and targeted advertising | source ↗ | |
| €290M | Uber | Dutch DPA (AP) | 2024 | Unlawful transfers of EU drivers' personal data to the US without safeguards | source ↗ |
| €265M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2022 | Data scraping incident — privacy by design failures | source ↗ |
| €251M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2024 | 'View As' data breach — privacy by design and breach notification failures | source ↗ |
| €225M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2021 | Transparency failures (WhatsApp) | source ↗ |
| €150M | CNIL (France) | 2022 | Refusing cookies on google.fr/youtube.com required more steps than accepting them (ePrivacy) | source ↗ | |
| €91M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2024 | User passwords stored in plaintext — breach notification failure | source ↗ |
| €60M | Microsoft | French DPA (CNIL) | 2022 | Cookie consent on Bing — users couldn't refuse as easily as accepting (ePrivacy) | source ↗ |
| €50M | CNIL (France) | 2019 | Insufficient transparency and invalid consent for ad personalisation during Android account setup | source ↗ | |
| €20M | Clearview AI | Garante (Italy) | 2022 | Unlawful scraping and processing of biometric facial recognition data without consent or legal basis | source ↗ |
| €20M | Clearview AI | CNIL (France) | 2022 | Unlawful processing of biometric data scraped from the internet without legal basis or transparency | source ↗ |
| €17M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2022 | Accountability failures across 12 data breaches | source ↗ |
| €10M | AEPD (Spain) | 2022 | Unlawfully shared right-to-erasure request data with Lumen Project and obstructed deletion | source ↗ | |
| €10M | Uber | Dutch DPA (AP) | 2023 | Inadequate transparency on data retention, transfers, and access rights for drivers | source ↗ |
| ~€5M | Spotify | Swedish IMY | 2023 | Failed to clearly inform users about what data access requests would return | source ↗ |
| €4.75M | Netflix | Dutch DPA (AP) | 2024 | Opaque privacy statement and inadequate responses to data access requests | source ↗ |
| ~€4.5M | IMY (Sweden) | 2020 | Failed to delist ordered search results and exposed requesters by notifying webmasters | source ↗ | |
| €2.5M | Deliveroo | Italian DPA (Garante) | 2021 | Opaque algorithmic rider management and excess data collection | source ↗ |
| €750K | TikTok | Dutch DPA (AP) | 2021 | Privacy notice provided only in English, not understandable to Dutch child users | source ↗ |
| €475K | Booking.com | Dutch DPA (AP) | 2020 | Reported a 4,109-person data breach 22 days late | source ↗ |
| €450K | X (Twitter) | Irish DPC | 2022 | Failed to notify DPC of a data breach within 72 hours and inadequately documented it | source ↗ |
Utilisez nos modèles gratuits pour exercer vos droits RGPD — découvrez ce qu’ils détiennent ou demandez la suppression.
Consulter les modèles RGPD par entreprise →