Irish DPA Publishes 2025 Case Studies
The Irish Data Protection Commission’s 2025 case studies reveal key trends in GDPR enforcement, with fines up to €1.2 million for breaches involving access requests, security failures, and transparency issues.
The Irish Data Protection Commission’s 2025 case studies reveal key trends in GDPR enforcement, with fines up to €1.2 million for breaches involving access requests, security failures, and transparency issues.
Court upheld Spotify AB’s 5.2 million euros fine for failing to provide clear GDPR information and safeguards for personal data processing and transfers.
The BfDI found Vodafone €45 million for data protection failures linked to partner fraud and security flaws, prompting the company to enhance its compliance and security measures.
The Irish DPC fined TikTok €530 million for GDPR breaches related to inadequate protection of European user data transferred to China.
WhatsApp receives support from a CJEU adviser in its challenge against the EDPB over a €225 million fine for privacy violations.
TikTok faces a fine over €500 million for transferring European user data to China, with an impending decision from Ireland’s Data Protection Commission.
Amazon lost its appeal against a 746 million euro fine for GDPR violations, as Luxembourg’s court upheld the decision by the CNPD.
The DLA Piper GDPR Fines and Data Breach Survey 2025 provides valuable insights into the enforcement landscape of the GDPR over the past year.
European data protection fines fell to €1.2 billion in 2024; activists claim enforcement is weak, with only 1.3% of cases fined, urging stricter personal accountability under GDPR.
Ireland imposed over half of Europe’s GDPR fines in 2024, totaling €3.5 billion since 2018, with a notable decline in penalties compared to previous years.
Meta challenges a €91 million fine from Ireland’s DPC for improperly storing user passwords, claiming the penalty is excessive and misapplied under GDPR.
The Italian Data Protection Authority fined OpenAI €15 million for using personal data without legal grounds and lacking age verification for ChatGPT.