Responsibility for leakage of personal data: the most famous cases
Contents:
- Twitter company: a fine in the amount of 450 thousand euros
- Google: a fine of 50 million euros
- Company H&M: a fine of more than 35 million euros
- Facebook company: $ 650 million lawsuit and $ 5 billion fine
- British Airways: $ 26 million fine
- Marriott: £ 18 million fine
Responsibility for leakage of personal data: the most famous cases
The collection, storage and processing of personal information is governed by the relevant regulatory requirements. For the leakage of personal data, the law provides for administrative liability. According to statistics, the cause of confidential information leakage is various equipment malfunctions, cyberattacks, erroneous or deliberate actions of the company's personnel.
In a number of cases, such situations led to high-profile trials, which ended in serious fines for the perpetrators of the incident and became a significant blow to their reputation.
Here are a few cases that are related to user data leakage and made a lot of noise, as well-known corporations became the culprits of the incidents.
Twitter: € 450 thousand
In 2018, Twitter was fined € 450,000 by an Irish court for leaking sensitive user data. The cause of the incident was a malfunction in the functioning of microblogging. According to a company spokesman, the organization had overlaps with staffing during the Christmas holidays. The situation led to a technical malfunction, due to which hidden user accounts were freely available if the account owner changed the e-mail associated with the account.
Google: € 50 million
In 2020, the French supervisory authority awarded Google with three large fines, which totaled 50 million euros. The regulator said that the reason for the incident was the lack of transparency in the rules for processing personal information of users. Services owned by Google automatically placed cookies on the user's device before receiving his consent. This is a violation of the law on the collection of personal data.
In 2019, a US court sentenced Google to a $ 170 million fine for violating the federal COPPA law by YouTube, which is owned by Google. The violation was that the service collected and processed data from underage users without the knowledge of parents or legal representatives.
H&M: over 35 million euros
A large clothing manufacturer was fined over 35 million euros by a German court for leaking personal data of employees. In the course of the investigation, it turned out that the company illegally collected personal data of personnel, which relate to religion, health, leisure preferences, etc. The purpose of the event, representatives of H&M called the search and implementation of effective methods to increase the productivity of employees.
No less high-profile was the case of the German electronics company Notebooksbilliger. The court fined the company for the unrestricted use of video surveillance, which was carried out in retail and warehouse premises.
Facebook: $ 650 million lawsuit and $ 5 billion fine
Facebook was among the penalties for using the function of recognizing and marking faces in a photo without the prior permission of social network users. A class action lawsuit was filed against the infringer in Illinois, and the court ruled in favor of the plaintiffs. Over 1.6 million social media users have received a refund of $ 340.
This is far from the largest amount that Facebook had to pay for a violation in this area. In 2019, the company was ordered by a court to pay a record high fine of $ 5 billion for an opaque personal data processing policy. During the investigation, it turned out that Facebook was transferring private information about users to third parties.
British Airways: $ 26 million
The British airline became a party to the lawsuit and was fined 20 million euros for leaking customer and employee data. As a result of the hack, the personal information of about 429 thousand people was in the public domain. Initially, the court wanted to fine the culprit in the amount of $ 238 million, but due to the difficult situation in the air transportation market, British Airways managed to appeal the sentence and achieve a reduction in the penalty.
Marriott: £ 18 million
The largest player in the hospitality industry was also hit by a cyberattack that made the personal data of 338 million customers publicly available. The initial amount of the fine was 100 million pounds, but later the court reduced the amount to 18 million due to the difficult situation in the tourist services market.
All these examples clearly show how important it is to comply with the requirements for the protection of personal data and the GDPR regulation, any site that allows a European citizen to enter it is the subject responsible for compliance with the GDPR. A4 Law Firm is ready to provide professional assistance in the preparation of documents for the website and the development of the necessary mechanisms to comply with legal requirements, monitors innovations related to the protection of personal data, and is ready to advise you on all issues.
QUESTIONS?