Germany most active in imposing fines for violation of EU data protection law


(Photo: Agencies)

BERLIN, May 24 (Xinhua) -- Data protection authorities across Germany imposed 42 fines for violations of the European General Data Protection Regulation (GDPR) in 2018, a study conducted by the accountancy firm Ernst & Young (EY) showed.

The German data protection authorities had been the "most active" compared to 15 other European countries, according to the EY study sent to Xinhua on Friday.

With only 12 cases of fines being imposed, Latvia came in second place after Germany, followed by France with 10.

One of the highest fines in Germany was recently imposed on the German online bank N26, the newspaper Der Tagespiegel reported on Thursday.

N26 was fined 50,000 euros ($55,918) for "unauthorized processing of personal data of former customers", according to the data protection watchdog in Berlin.

On average, the fines for breaching the data protection law amounted to 16,113 euros in Germany, the EY survey showed.

Across Europe, data protection authorities had still been "extremely reluctant" to impose fines as required by the GDPR which was introduced 12 months ago, EY added.

Among the 16 European countries analyzed, nine imposed no fine at all for violating the European law for data protection.

The highest individual fine for violating the GDPR in Europe, with 600,000 euros in 2018, was imposed in the Netherlands. Dutch data protection authorities had fined the US American mobility service provider Uber for withholding information about data theft.

EY is expecting that the "European supervisory authorities will implement their announcements for 2019 and increasingly impose higher fines".

"The period of grace" would now be over, emphasized Peter Katko, consultant at EY.

Back in January, the French data protection authority Commission Nationale de l'Informatique et des Libertes (CNIL) had sentenced Google to pay a record fine of 50 million euros.

The French data protectors criticized the lack of transparency for the users of Google's services and that user information on data protection was not sufficiently precise and comprehensive.

"Although the obligation to report data breaches is not a novelty, the GDPR has increased awareness," explained EY consultant Katko. In many companies, "every data protection incident is now being reported".