SearchInform analysts review fines for data breaches in 2018

The analysts of SearchInform calculated the damage from the inept handling of data in 2018

2018 was a year that saw data protection regulations tighten across the globe following the implementation of GDPR, with businesses facing hefty fines for non-compliance. Analysts from SearchInform have reviewed fines for some of the major cyberincidents which happened last year.

World IT giants including Uber, Yahoo!, Equifax and Facebook were fined a total sum of US$246.8 million for data leakage in 2018.

2018 was a year marked by fines. The first penalties under the GDPR were issued, although the main fines were imposed not by the European Commission but by other regulators. Analysts from SearchInform have calculated the damage from the inept handling of data.

The great and mighty GDPR made a lot of noise in 2018 – the first fines show that the regulators are serious.

In Austria, the first fine for a GDPR violation was imposed on the owner of a retail establishment that installed a surveillance camera in front of its premises. The camera not only captured too much of the pavement in front of the establishment, but was also not properly marked as conducting video surveillance. Large-scale monitoring of public places is not allowed under the requirements of the GDPR. Therefore, the Austrian DPA hit the company with a €4,800 fine.

According to a statement by the regional Baden-Württemberg data protection authority (LfDI Baden-Württemberg), the Knuddels.de platform was fined €20,000. The fine followed the exposure of 330,000 users’ personal information, including their passwords and email addresses. This is the first time that the GDPR was applied in Germany.

Uber was penalised for a 2016 incident. The taxi service received a record fine of US$148 million following claims from 50 states. Europe did not stand aside either. The data protection agency of the Netherlands fined Uber €600,000, while the UK Data Protection Commission decided on £385,000. The European fines totalled €1 million. The punishment was not for the leak itself, but for hiding it.

A federal court held Yahoo! to account for data breaches that occurred in 2013 and 2014. The breaches are considered the largest in history. In April 2018, the United States Securities and Exchange Commission (SEC) imposed a US$35 million fine on the company for failing to disclose the data breach to its investors and auditors. In October 2018, Yahoo! agreed to pay US$50 million in compensation and provide a minimum of two years of free credit monitoring to 200 million victims.

In September, the case of the data breach at the American credit history bureau Equifax was resolved. The leak occurred a year earlier, in 2017, and involved 147 million people. The company received a fine of £500,000 from the UK.

On July 17, 2018, the Portuguese Data Protection Commission (CNPD) fined a hospital €400,000. A vulnerability was found in the medical record storage system that allowed access to patient data through fake employee profiles. There were 985 registered doctors’ accounts, although the total number of doctors was 296. Moreover, doctors had unrestricted access to all patient files, regardless of the doctor’s speciality.

According to the law, individuals are as responsible as organisations. In September 2018, Singapore authorities fined a Chinese security researcher SGD$5,000 (US$3,600) for hacking into a local hotel’s Wi-Fi system without authorisation and then publishing a blog post about it, revealing passwords for the hotel’s internal network.

The unfolding events around Facebook have also changed the company’s position in the global market. In March, the company was at the centre of the Cambridge Analytica data scandal. As a result, Facebook shares finished down about 6.8% and the company’s capitalisation fell below US$511.5 billion. CEO Mark Zuckerberg lost around US$11 billion in his personal worth. Moreover, the UK regulator fined the company US$645,000.

The Italian Competition Authority (ICA) imposed the second privacy-related fine in Europe on Facebook. On December 7, 2018, Facebook was hit with two fines, totalling €10 million (about US$11.3 million), for violating Italy’s Consumer Code.
