A report by law firm DLA Piper said France has imposed the biggest
single fine - of 50 million euros against Google - while the
Netherlands, Britain and Germany led in terms of the number of
data breach notifications.
The General Data Protection Regulation was introduced in an
effort to safeguard sensitive personal information and
prescribes stiff penalties if companies lose control of data or
process it without proper consent.
It is enforced by a patchwork of national data protection
offices across the 28-member European Union, with responsibility
falling disproportionately on Ireland - the 'lead' regulator for
Silicon Valley giants that have based their European operations
there, such as Facebook.
The fines to date pale in comparison to multibillion-euro
penalties imposed in EU anti-trust cases, but they are likely to
rise over time as appeals and litigation subject the sanctions
to scrutiny and create legal precedents.
In principle, regulators can impose fines of 2% or, in some
cases, 4% of global turnover. In practice, they will have to
judge whether such a heavy penalty would stand up in court, said
DLA Piper partner Ross McKean.
"It's going to take time – the regulators are going to be wary
about going to 4% because they are going to get appealed,"
McKean told Reuters. "And you lose credibility as a regulator if
you're blown up on appeal."
The largest single penalty threatened so far has been in
Britain, where the regulator has proposed a fine of 183 million
pounds ($239 million) against British Airways owner IAG over the
theft of data of half a million customers.
(Reporting by Douglas Busvine; Editing by Ros Russell)
© 2020 Thomson Reuters. All rights reserved.