Ireland Imposes Over Half of Europe’s GDPR Fines in 2024
Ireland continues to be the leading enforcer of the General Data Protection Regulation (GDPR), having issued fines totaling €3.5 billion since the regulation was enacted in May 2018. A recent survey by DLA Piper highlights that the Irish Data Protection Commission (DPC) was responsible for over half of the €1.2 billion in fines imposed across Europe in 2024. Notable penalties from the DPC last year included a €310 million fine against LinkedIn and a €251 million fine against Meta.
Despite the significant fines issued in previous years, the total for 2024 represents a 33% decrease compared to the prior year. This decline is primarily attributed to the absence of record-breaking fines, as the largest penalty under GDPR remains the €1.2 billion imposed on Meta in 2023. The overall fines since the GDPR’s implementation now stand at €5.88 billion, with Luxembourg’s Data Protection Authority following at €746.38 million.
The focus of GDPR enforcement is not limited to major tech companies and social media platforms. The survey indicates an expansion of enforcement actions into sectors such as financial services and energy. For example, the Spanish Data Protection Authority issued fines totaling €6.2 million against a bank for inadequate security measures, while Italy’s Data Protection Authority fined a utility provider €5 million for using outdated customer data.
John Magee, a partner at DLA Piper, emphasized that the figures in this year’s survey do not indicate a decrease in regulatory interest. Instead, the landscape of GDPR enforcement remains dynamic, with growing attention to various sectors and the potential for personal liability for company directors. The Irish DPC continues to play a crucial role as Europe’s leading data regulator in this evolving environment.
