The General Data Protection Regulation (GDPR)’s 984.47 million euro fines (more than $1.14 billion) in the third quarter of 2021 was almost 20 times higher than the combined total of Q1 and Q2, and triple the total amount of fines in all of 2020, according to a Finbold report Monday (Oct. 4).
The high fines in the third quarter of 2021 could be a reflection of the fact that GDPR investigations are lengthy, so the cases being imposed with fines could date back to the beginning or close to the start of the watchdog agency’s inception about three years ago.
Many companies hit with GDPR fines appeal the rulings and eventually pay less — or nothing at all, according to the report.
Amazon EuropeCore S.à.r.l snagged the biggest fine at €746 million (about $867 million), followed by WhatsApp Ireland Ltd at €225 million (almost $262 million). Google is in the third spot with fines amounting to €50 million (more than $58 million).
WhatsApp’s GDPR fine was a result of the company not telling users how it shared data with its parent company, social media behemoth Facebook.
By country, Luxembourg accounts for the highest cumulative fines at €746.07 million (over $867 million) from 11 cases, followed by Ireland at €225 million tally (almost $262 million). Italy ranked third, paying €86 million (around $100 million) from 92 cases.
Spain had the most number of cases through the first nine months of 2021, with 296 incidents.
Related: GDPR Penalties Escalate As EU Officials Crack Down
In January, fines levied under the GDPR jumped almost 40% from the previous year as EU regulators stepped up enforcement efforts.