Year 1 of GDPR: Over 200,000 cases reported, firms fined €56 meeelli... Oh, that's mostly Google

European data protection agencies have issued fines totalling €56m for GDPR breaches since it was enforced last May, from more than 200,000 reported cases – but watchdogs have said they're just warming up. An assessment from the European Data Protection Board (EDPB), which is made up of regulators across the region, found that …

  1. S_W

    How many at fault results?

    The article starts by focusing on the fines but never actually mentions how many of the ~100K cases that have been closed resulted in the organisation being found to be at fault. Without that, the total amount of the fines is pretty meaningless.

  2. chivo243 Silver badge

    Google's 2 cents?

    50,000,000 credits? Seems about right. Time to spin a few more adverts and make that money back!

  3. BebopWeBop
    Thumb Up

    Just warming up

    I look forward to the full release, popcorn ready. All power to the French authorities.

    1. JLV
      Black Helicopters

      >All power to the French authorities.

      Be careful what you wish for, because you will get it

      ok, maybe in _this_ case...

  4. FrogsAndChips

    Figures of reports

    "reports of data breaches in the first month at 1,700. This has levelled out a little, but there are still about 400 coming in a month. Overall, he expects the total to reach about 36,000 this year"

    These figures don't add up, how can they expect 36,000 reports this year when they only have 400 a month (4,800 a year)?

    1. BebopWeBop

      Re: Figures of reports

      Not necessarily - they may be anticipating a surge in complaints as the public become more aware that they have the option (and are increasingly knowledgeable - OK, would not take much of an improvement - about these companies' activities.)

  5. TkH11

    I reported a breach of GDPR regarding the illegal way a company was obtaining consent from its customers.

    The ICO gave me a case number and has done nothing since.

    The ICO is useless.

    1. Anthony 13

      What's a person to do? My personal peeve is SMS marketing - I complain to and boycott any company that does this. One company claimed they had the right to text me (which they did not) and even kept texting me after I complained, another said sorry can't explain why it happened (but I am stuck in a contract with them, so can't even boycott). Sure, I could report these operational cock-ups to the ICO, but let's face it - will the ICO ever do anything about these minor indiscretions?

      1. Lusty

        It takes about 30 seconds to report once you have the below link. I'd imagine my repeated use of this helped the authorities find and raid those offices recently. In that article they stated around 400 complaints which isn't much so maybe that's why this stuff isn't being stamped out? ALWAYS report these things. These people need evidence to act upon.

    2. Anonymous Coward

      re: "The ICO is useless"

      They're fulfilling their remit then - you didn't really think they were given power to actually make a difference?!?

      1. Lusty

        No, they were given power to kick names and take cool jackets.

        Not entirely toothless after all.

  6. Mark White

    Companies going too far.

    The main issues I've had with GDPR are companies refusing to tell me anything because I haven't actively subscribed to them. As an example, my broadband price went up by £5 per month but I wasn't told as I had failed to opt in to marketing emails. After speaking to them, GDPR was blamed for being unable to communicate price changes to me.

    The other issue is how much effort it is having to opt out of tracking manually on most websites I visit. On sites I have opted out before, there is no indication this was saved. The usual accept and continue banner is displayed at the bottom of the screen but when I go into the consent options, they can be opted out or they could be opted in.

    I have been getting much better ads though... now I've opted out of targeted ads where I can.

    1. A.P. Veening Silver badge

      Re: Companies going too far.

      "I have been getting much better ads though... now I've opted out of targeted ads where I can."

      I've been getting a lot less ads since I started using a Pi-Hole. As a nice side benefit, a lot of pages load a lot quicker.

    2. Richard Jones 1

      Re: Companies going too far.

      That sounds like a blatant abuse of the act since you have an ongoing (though now breaking down) relationship with the clowns. I understood that GDPR allowed continuing communications concerning the conduct of an existing relationship. Marketing abuse mails are a different can of worms, who was it BT's or Sky's blackmailers?

    3. Anonymous Coward

      "GDPR was blamed for being unable to communicate price changes to me."

      That's full BS - but privacy regulators should not be invoked here - but consumer protection agencies. Any change of contract terms must be communicated (and the customer has to be able to terminate the contract without fees) - and GDPR does allow for that - as it's part of delivering a service - exactly like billing, I believe they billed you regularly - not marketing. So they broke consumers' protection laws...

    4. FrogsAndChips

      Re: Companies going too far.

      Since when does a contract change notification qualify as a marketing email?

      1. Rich 11

        Re: Companies going too far.

        Since the moment they thought they might be able to get away with it.

    5. Cynical Pie

      Re: Companies going too far.

      I'd call bull sh!t with your provider on that.

      Details of a price rise wouldn't be marketing, it would be part of your terms of contract in the same way that a bill or statement would.

    6. Alan Brown Silver badge

      Re: Companies going too far.

      "After speaking to them, GDPR was blamed for being unable to communicate price changes to me."

      That's BS.

      GDPR explicitly _doesn't_ block a company sending you notices about changes to terms and conditions of an active contract (a price change comes under that category) and trading standards can get involved in that one.

      It's the kind of thing where a letter from Dewey Cheatem and Howe starting "I act on behalf of Mr Donald Duck" sends chills down spines and has them backpedalling furiously.

    7. SImon Hobson

      Re: Companies going too far.

      After speaking to them, GDPR was blamed for being unable to communicate price changes to me.

      Just another case of companies not knowing what the rules are - there's a long history of that!

      One example I recall from a couple of decades ago was when I put all my employer's numbers on both the TPS and FPS in an attempt to cut down on the junk calls/faxes. Not long after, I was informed that we needed to remove one of the numbers from the FPS because a service they subscribed to (a weekly market intelligence report by fax) couldn't send them the fax as the number was on the FPS. I responded "quite bluntly" that the accuracy of anything coming from a company which had so little knowledge of the rules regarding the TPS and FPS was of "questionable accuracy". When the gist of my response was fed back to the service provider, I believe they modified their systems and the information faxes from them started coming in again.

      Just like your example, the company had failed to grasp the difference between unsolicited marketing communications, and those happening as a result of a contract with them.

  7. Rich 2 Silver badge


    The EU has been busy chasing GDPR violations.

    So... why are Googlies and Faecesbook still in business, doing EXACTLY what they've been doing for years?

    1. Anonymous Coward

      Re: So......

      They're warming up.... as the article says.

      Nobody really expected big fines starting from day one - and it was a sensible approach. But as in the Google case, fines are coming...

  8. Hans 1

    I am waiting a bit, then I shall ask DisneyLandRedmond what data they have on me and where it is stored, will be fun, that ... ;-)

  9. Rudolph Hucker the Third

    What I want (what I really really want), is a FaecesBorg consent checkbox, checked by default.

    As in:

    [X] I do NOT consent to this website sharing my personal data with FaecesBorg

    I look forward to El Reg leading by example.

  10. Chris G


    Know how to make a complaint in Europe? After 15 minutes of scrolling through a duckduck search and opening potential pages, I am none the wiser. Perhaps I am not asking the right questions.

    1. FrogsAndChips

      Re: Anyone

      There's no such thing as a European Data Privacy Regulator, you need to address your complaint to your own authority. Search for "<your country> data privacy regulator". Someone above posted a full link to lodge a complaint with the ICO (UK).

  11. M.V. Lipvig Silver badge


    Fine them as a percentage of gross income, with a fine from one incident not being taken into account for the fine of a second incident. This is the only way these people will feel any pain from their transgressions.

    I really wish there was a way to get a similar law passed in the US. I'd LOVE to be able to include the phone companies, for delivering spam calls which are unwanted marketing.
