Cautionary Tales
15 Examples of how a lack of/disregard for data governance can cost millions 💵
CASE STUDY 1
Ireland's Data Protection Commission fined Meta €1.2 billion ($1.3 billion) for transferring personal data without adequate safeguards, violating GDPR.
CASE STUDY 2
China's Cyberspace Administration fined Didi Global 8.026 billion yuan ($1.19 billion) for illegally collecting user data over seven years.
CASE STUDY 3
Luxembourg's data protection authority fined Amazon €746 million ($877 million) for GDPR violations related to targeted advertising.
CASE STUDY 4
Equifax was fined at least $575 million by the U.S. FTC for a 2017 data breach exposing personal information of nearly 150 million people.
CASE STUDY 5
The UK's Information Commissioner's Office fined Marriott £18.4 million ($24.3 million) for failing to protect the personal data of 339 million guests.
CASE STUDY 6
Ireland's Data Protection Commission fined Meta €251 million ($356 million) for a 2018 data breach affecting 29 million users.
CASE STUDY 7
The Dutch Data Protection Authority fined Uber €290 million ($324 million) for transferring European drivers' data without safeguards, violating GDPR.
CASE STUDY 8
Clearview AI was fined €30.5 million ($33.7 million) for scraping social media photos without consent, violating GDPR.
CASE STUDY 9
Ireland's Data Protection Commission fined TikTok €345 million ($379 million) for mishandling children's data and violating GDPR.
CASE STUDY 10
T-Mobile settled with the FCC for $31.5 million over data breaches affecting tens of millions of U.S. consumers.
CASE STUDY 11
Meta agreed to pay Texas $1.4 billion to settle a lawsuit over collecting biometric data without consent, marking the largest state privacy-related settlement.
CASE STUDY 12
France's CNIL fined Google €50 million ($57 million) for failing to inform users about data collection methods, violating GDPR.
CASE STUDY 13
The UK's Information Commissioner's Office fined British Airways £20 million ($26 million) for a data breach affecting over 400,000 customers.
CASE STUDY 14
The UK's Information Commissioner's Office fined Marriott £18.4 million ($23.8 million) for a 2014 cyberattack compromising 339 million guests' data.
CASE STUDY 15
The Hamburg Data Protection Authority fined H&M €35 million ($41 million) for illegally surveilling employees and recording private details, violating GDPR.