EU businesses were fined over €830m for GDPR violations in 2022, with Meta paying over 80% 

As of December 2022, companies paid a total of €2.83 billion in 1,401 cases for violating various data protection laws. Out of that, GDPR fines in 2022 total €832m, which is 36% lower than the €1.3 billion paid in 2021. 

However, last year stands out not in the total sum fined but in the severity of the charges imposed on a single entity — Meta. While the heftiest sum charged for violations was recorded in Q3 of 2021, the third quarter of 2022 was also significant, as businesses were penalised €430m, notes Atlas VPN.

Meta fined hundreds of millions, repeatedly

Distinctively, the majority of the penalties in 2022 were paid by tech behemoth - Meta. The Data Protection Commission (DPC), an authority for GDPR enforcement in Ireland, imposed a €405m fine for Meta Platforms Ireland Limited (Instagram) on 5 September 2022. 

Two issues were found with the processing of personal data pertaining to child users of Instagram. The children’s email addresses and phone numbers were publicly exposed when using the Instagram business account function, and Instagram profiles of kids were public-by-default.

Another hefty sum of €265m was penalised to the same entity on 25 November 2022, when the DPC declared that Meta had infringed two articles of the EU’s data protection laws after details of Facebook users from around the world were scraped from public profiles in 2018 and 2019. 

Moreover, the DPC issued a “reprimand and an order” forcing Meta to “bring its processing into compliance by executing a range of specified remedial activities within a specific deadline”. Meta complied and made the adjustments within the required timeframe. 

To date, Meta has paid around €1 billion for GDPR violations.