EU Data Protection Fines Hit Record High in 2023

In 2023, approximately €2.1 billion in fines were imposed in the EU due to violations of the General Data Protection Regulation (GDPR), according to data from enforcementtracker.com. This means that more fines were incurred than in 2019, 2020 and 2021 combined. The main reason for this was a new record fine of €1.2 billion for Facebook parent company Meta, related to the unlawful transfer of data to the U.S. under the social media platform's standard contractual clauses, according to the GDPR.

As our chart shows, despite a dip last year, the average amount of fines has increased significantly since 2019, even after factoring out the meta fine. In 2023, for example, an average of €4.4 million was incurred per violation, up from around €500,000 in 2019. In the past three years, Meta, Amazon and Google in attracted particular attention due to especially high fines; the highest fine before Meta's latest record, amounting to €746 million, was imposed on Jeff Bezos' e-commerce giant in 2021.