Review of GDPR fines and data breaches 2024

266 fines were issued by German data protection supervisory authorities in 2024, the highest of which was in the high six-figure range against a service provider. Both the number of German fines and the total amount decreased compared to the previous year. The number of data protection violations pursuant to Art. 33 GDPR is also declining.

Review of GDPR fines and data breaches 2023

357 fines were issued by German data protection supervisory authorities in 2023, the highest of which was a seven-figure fine against an unknown company In addition, a total of 24.749 data breaches were reported in accordance with Art. 33 GDPR. Both the number of German fines and the total amount decreased compared to the previous year.

ECJ makes decision in proceedings against Deutsche Wohnen SE

The ECJ rules in the Deutsche Wohnen SE case, clarifying the issue of no-fault fines.

Review of GDPR fines and data breaches 2020

The data protection authorities of Germany’s federal states issued 283 fines in 2020, three of which ran into the millions – including the highest ever imposed in Germany to date as a result of violations of the General Data Protection Regulation (GDPR): a fine of around €35.3 million issued to H&M. All in all, however, the fines are much lower and they relate to natural persons or small enterprises. In addition, a total of 8,943 data breaches in accordance with Article 33 GDPR were reported.

Flood of complaints about Google Analytics

German supervisory authorities have received 200,000 complaints about the inadmissible use of Google Analytics.

Third review of EU-US Privacy Shield

The EU Commission has reviewed the EU-US Privacy Shield for the third time.

Preset consent is unlawful

The ECJ has issued a far-reaching ruling on the use of cookies stipulating that no effective consent to the storage of cookies has been given by the internet user if the website operator employs a checkbox with preset checkmarks.

Facebook’s „Like“ button - website operator liable

The European Court of Justice has imposed stricter requirements on website operators for „Like“ buttons. The integration of social plug-ins can establish a joint responsibility of the website operator and Facebook.