Courts in the U.K., Spain, Italy and Germany have recently issued rulings affirming companies’ arguments that their data practices remain compliant with the General Data Protection Regulation (GDPR). This allowed Experian PLC, Amazon.com Inc. and Italian energy giant Enel SpA to successfully battle multimillion-dollar fines imposed by authorities.
Recognizing the potential for immense reputational harm and hefty cost of such a penalty – up to 4% of its total global revenue or a maximum of €20 million – many companies are now taking GDPR violations appeal processes seriously. The most notable example is Meta Platforms Inc., currently pushing back on Ireland’s €390 million fine for targeting Instagram and Facebook users with ads.
As numerous blue-chip firms demonstrate through their courtroom successes, it’s clear that there is a great deal of “gray area” within GDPR regulations that have not been fully explored. Comprehensive analysis of this vast legal field is needed to clarify dispute outcomes. These recent wins will likely inspire other organizations to take a stand and challenge other GDPR enforcement actions.