Resource Center / Infographics / Largest global privacy and security fines as of 2019
Largest global privacy and security fines as of 2019
This resource compares the FTC's $5 billion fine of Facebook with other large enforcements for privacy violations.
Published: August 2019
This resource provides an overview of the largest global privacy and security fines as of August 2019, with a focus on the FTC-Facebook $5 billion settlement.
The IAPP Resource Center additionally hosts an Enforcement topic page, which regularly updates with the latest relevant content.
Largest global privacy and security fines as of 2019
FTC-Facebook
Fine amount: $5 billion
The U.S. Federal Trade Commission has fined Facebook a record-breaking $5 billion and required the company to implement an "unprecedented" and modified corporate governance structure for violating its 2012 FTC consent decree.
View Article
FTC-Equifax
Fine amount: $700 million
Equifax, Inc. agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau (CFPB), and 50 U.S. states and territories to settle allegations that the credit reporting company's failed to take reasonable steps to secure its network.
View Article
ICO-British Airways
Fine amount: $228.75 million* - Intent to fine
Following an extensive investigation the ICO has issued a notice of its intention to fine British Airways £183.39M for infringements of the General Data Protection Regulation (GDPR).
View Article
State AGs-Uber
Fine amount: $148 million
A group of attorneys general from 50 states and the District of Columbia reached a $148 million settlement with Uber to address the ride-sharing company’s failure to promptly report a data breach affecting its drivers and passengers.
View Article
ICO-Marriott
Fine amount: $124 million* Intent to fine
Following an extensive investigation the ICO has issued a notice of its intention to fine Marriott International £99,200,396 for infringements of the General Data Protection Regulation (GDPR).
View Article
FTC-Blue Global
Fine amount: $104.47 million
The FTC settled with Blue Global LLC for more than $104 million in damages, all arising from allegations that Blue Global’s “ping tree” lead-generation tool ran afoul of the FTC’s prohibition on unfair or deceptive acts or practices.
View Article
SEC-Facebook
Fine amount: $100 million
The Securities and Exchange Commission today announced charges against Facebook Inc. for making misleading disclosures regarding the risk of misuse of Facebook user data.
View Article
CNIL-Google
Fine amount: $55.5 million
On 21 January 2019, the CNIL’s restricted committee imposed a financial penalty of 50 Million euros against the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.
View Article
SEC-Yahoo
Fine amount: $35 million
The Securities and Exchange Commission today announced that the entity formerly known as Yahoo! Inc. has agreed to pay a $35 million penalty to settle charges that it misled investors by failing to disclose one of the world’s largest data breaches in which hackers stole personal data relating to hundreds of millions of user accounts.
View Article
FTC-Google
Fine amount: $22.5 million
Google Inc. has agreed to pay a record $22.5 million civil penalty to settle Federal Trade Commission charges that it misrepresented to users of Apple Inc.’s Safari Internet browser that it would not place tracking “cookies” or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC.
View Article
State AGs-Target
Fine amount: $18.5 million
State attorneys general from 47 states and the District of Columbia announced a settlement agreement with Target Corporation to resolve the states’ investigation into the company’s 2013 data breach.
View Article