Irish DPA collected only €19.9 million from €3.26 billion of GDPR fines
Irelands data protection authority – the Data Protection Commission (DPC) – has levied €3.26 billion in fines over the past five years, yet only a small fraction has been collected. As of the end of October, only €19.9 million, representing just 0.6% of the total penalties, has been paid. Most of these fines are related to major technology companies and are currently under appeal or other legal processes, which has delayed the collection of the outstanding amounts.
In 2020, the DPC imposed €785,000 in fines, with €75,000 collected to date. The following year saw a significant increase, with fines totaling €225 million; however, only €800,000 has been settled. The year 2022 marked a notable spike in fines, exceeding €1 billion, yet only €17.6 million has been collected from that total. Last year, the DPC issued €1.55 billion in fines, including a substantial €1.2 billion penalty against Meta, the parent company of Facebook, of which only €815,000 has been received.
For the current year, the DPC has levied €401 million in fines, but only €582,500 has been collected thus far. The DPC clarified that none of the €3.256 billion in fines has been written off or deemed uncollectable. The fines become payable only after the Circuit Court confirms the DPC’s decision, which requires a formal application to the courts. The process is contingent upon whether the fined entity has chosen to appeal the decision.
The DPC emphasized that it can only proceed with the confirmation application and collect fines when the data controller or processor has not sought to challenge the ruling. This legal framework complicates the DPC’s ability to collect fines in a timely manner, resulting in a significant backlog of unpaid penalties.
Source: Data watchdog collects only €19.9m out of €3.26bn in fines levied over past five years
