Largest global privacy and security fines as of 2019

Resource Center / Infographics / Largest global privacy and security fines as of 2019

Largest global privacy and security fines as of 2019

This resource compares the FTC's $5 billion fine of Facebook with other large enforcements for privacy violations.


Published: August 2019


View Infographic (PDF)

This resource provides an overview of the largest global privacy and security fines as of August 2019, with a focus on the FTC-Facebook $5 billion settlement.

The IAPP Resource Center additionally hosts an Enforcement topic page, which regularly updates with the latest relevant content.

Largest global privacy and security fines as of 2019

FTC-Facebook

Fine amount: $5 billion

The U.S. Federal Trade Commission has fined Facebook a record-breaking $5 billion and required the company to implement an "unprecedented" and modified corporate governance structure for violating its 2012 FTC consent decree.
View Article

FTC-Equifax

Fine amount: $700 million

Equifax, Inc. agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau (CFPB), and 50 U.S. states and territories to settle allegations that the credit reporting company's failed to take reasonable steps to secure its network.
View Article

ICO-British Airways

Fine amount: $228.75 million* - Intent to fine

Following an extensive investigation the ICO has issued a notice of its intention to fine British Airways £183.39M for infringements of the General Data Protection Regulation (GDPR).
View Article

State AGs-Uber

Fine amount: $148 million

A group of attorneys general from 50 states and the District of Columbia reached a $148 million settlement with Uber to address the ride-sharing company’s failure to promptly report a data breach affecting its drivers and passengers.
View Article

ICO-Marriott

Fine amount: $124 million* Intent to fine

Following an extensive investigation the ICO has issued a notice of its intention to fine Marriott International £99,200,396 for infringements of the General Data Protection Regulation (GDPR).
View Article

FTC-Blue Global

Fine amount: $104.47 million

The FTC settled with Blue Global LLC for more than $104 million in damages, all arising from allegations that Blue Global’s “ping tree” lead-generation tool ran afoul of the FTC’s prohibition on unfair or deceptive acts or practices.
View Article

SEC-Facebook

Fine amount: $100 million

The Securities and Exchange Commission today announced charges against Facebook Inc. for making misleading disclosures regarding the risk of misuse of Facebook user data.
View Article

CNIL-Google

Fine amount: $55.5 million

On 21 January 2019, the CNIL’s restricted committee imposed a financial penalty of 50 Million euros against the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.
View Article

SEC-Yahoo

Fine amount: $35 million

The Securities and Exchange Commission today announced that the entity formerly known as Yahoo! Inc. has agreed to pay a $35 million penalty to settle charges that it misled investors by failing to disclose one of the world’s largest data breaches in which hackers stole personal data relating to hundreds of millions of user accounts.
View Article

FTC-Google

Fine amount: $22.5 million

Google Inc. has agreed to pay a record $22.5 million civil penalty to settle Federal Trade Commission charges that it misrepresented to users of Apple Inc.’s Safari Internet browser that it would not place tracking “cookies” or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC.
View Article

State AGs-Target

Fine amount: $18.5 million

State attorneys general from 47 states and the District of Columbia announced a settlement agreement with Target Corporation to resolve the states’ investigation into the company’s 2013 data breach.
View Article