Elke hier vermelde handhavingsactie is rechtstreeks afkomstig van officiële persberichten van EU/EER-gegevensbeschermingsautoriteiten. Bedragen weerspiegelen de definitief opgelegde beslissing.
| Bedrag | Bedrijf | Autoriteit | Jaar | Overtreding | Bron |
|---|---|---|---|---|---|
| €1.2B | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2023 | Unlawful transfer of EU/EEA user data to the US | bron ↗ |
| €746M | Amazon | CNPD (Luxembourg) | 2021 | Behavioral advertising processed without valid consent or legal basis | bron ↗ |
| €530M | TikTok | Irish DPC | 2025 | Unlawful transfers of EEA user data to China without adequate safeguards | bron ↗ |
| €405M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2022 | Children's data processing violations on Instagram | bron ↗ |
| €390M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2023 | Unlawful legal basis for behavioural advertising on Facebook and Instagram | bron ↗ |
| €345M | TikTok | Irish DPC | 2023 | Children's data processed with unlawful defaults, dark patterns, and inadequate age verification | bron ↗ |
| €325M | CNIL (France) | 2025 | Gmail ads and cookies placed without valid user consent during account creation (ePrivacy) | bron ↗ | |
| €310M | Irish DPC | 2024 | Unlawful processing of member data for behavioural analysis and targeted advertising | bron ↗ | |
| €290M | Uber | Dutch DPA (AP) | 2024 | Unlawful transfers of EU drivers' personal data to the US without safeguards | bron ↗ |
| €265M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2022 | Data scraping incident — privacy by design failures | bron ↗ |
| €251M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2024 | 'View As' data breach — privacy by design and breach notification failures | bron ↗ |
| €225M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2021 | Transparency failures (WhatsApp) | bron ↗ |
| €150M | CNIL (France) | 2022 | Refusing cookies on google.fr/youtube.com required more steps than accepting them (ePrivacy) | bron ↗ | |
| €91M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2024 | User passwords stored in plaintext — breach notification failure | bron ↗ |
| €60M | Microsoft | French DPA (CNIL) | 2022 | Cookie consent on Bing — users couldn't refuse as easily as accepting (ePrivacy) | bron ↗ |
| €50M | CNIL (France) | 2019 | Insufficient transparency and invalid consent for ad personalisation during Android account setup | bron ↗ | |
| €20M | Clearview AI | Garante (Italy) | 2022 | Unlawful scraping and processing of biometric facial recognition data without consent or legal basis | bron ↗ |
| €20M | Clearview AI | CNIL (France) | 2022 | Unlawful processing of biometric data scraped from the internet without legal basis or transparency | bron ↗ |
| €17M | Meta (Facebook / Instagram / WhatsApp) | Irish DPC | 2022 | Accountability failures across 12 data breaches | bron ↗ |
| €10M | AEPD (Spain) | 2022 | Unlawfully shared right-to-erasure request data with Lumen Project and obstructed deletion | bron ↗ | |
| €10M | Uber | Dutch DPA (AP) | 2023 | Inadequate transparency on data retention, transfers, and access rights for drivers | bron ↗ |
| ~€5M | Spotify | Swedish IMY | 2023 | Failed to clearly inform users about what data access requests would return | bron ↗ |
| €4.75M | Netflix | Dutch DPA (AP) | 2024 | Opaque privacy statement and inadequate responses to data access requests | bron ↗ |
| ~€4.5M | IMY (Sweden) | 2020 | Failed to delist ordered search results and exposed requesters by notifying webmasters | bron ↗ | |
| €2.5M | Deliveroo | Italian DPA (Garante) | 2021 | Opaque algorithmic rider management and excess data collection | bron ↗ |
| €750K | TikTok | Dutch DPA (AP) | 2021 | Privacy notice provided only in English, not understandable to Dutch child users | bron ↗ |
| €475K | Booking.com | Dutch DPA (AP) | 2020 | Reported a 4,109-person data breach 22 days late | bron ↗ |
| €450K | X (Twitter) | Irish DPC | 2022 | Failed to notify DPC of a data breach within 72 hours and inadequately documented it | bron ↗ |
Gebruik onze gratis sjablonen om uw AVG-rechten uit te oefenen — ontdek wat zij bewaren of vraag verwijdering aan.
Bekijk AVG-sjablonen per bedrijf →