{
  "meta": {
    "name": "Tech Fines Directory",
    "url": "https://guptadeepak.com/tech-fines/",
    "description": "Tech Fines is a neutral, accuracy-first directory of the major fines, penalties, and settlements imposed on large technology companies, including Google, Meta, Apple, Microsoft, Amazon, OpenAI, and TikTok, across privacy, antitrust, and consumer-protection law from 2004 to today. Every entry records the amount in its original currency, the regulator and law, what happened, how it affected ordinary users, the current appeal status, and primary sources.",
    "license": "https://creativecommons.org/licenses/by/4.0/",
    "attribution": "Deepak Gupta, guptadeepak.com",
    "generated": "2026-07-02",
    "totalCount": 60,
    "totalImposedUsdApprox": 54144300000
  },
  "categories": [
    {
      "slug": "privacy",
      "title": "Data Privacy",
      "short": "Privacy",
      "tag": "ocean",
      "tagline": "Collecting or using personal data without a valid legal basis.",
      "intro": "Privacy is the single largest source of major tech penalties. Most cases turn on the same failure: processing personal data (for advertising, profiling, or transfer abroad) without valid consent or another lawful basis. In the EU this is enforced under the GDPR, chiefly by Ireland's Data Protection Commission and national authorities like France's CNIL; in the US it runs through the FTC and state attorneys general."
    },
    {
      "slug": "antitrust",
      "title": "Antitrust & Competition",
      "short": "Antitrust",
      "tag": "plum",
      "tagline": "Abusing platform dominance to disadvantage rivals.",
      "intro": "Antitrust cases target companies that use a dominant position (in search, mobile operating systems, app stores, or ad tech) to foreclose competitors. The European Commission has led here since the 2004 Microsoft case, and the Digital Markets Act now adds conduct rules with their own fines. National competition authorities in France, Italy, and India have brought parallel actions."
    },
    {
      "slug": "consumer-deception",
      "title": "Consumer Deception",
      "short": "Deception",
      "tag": "amber",
      "tagline": "Misleading users about products, prices, or their own controls.",
      "intro": "These cases involve misleading marketing or hidden behaviour: fake privacy controls, undisclosed device throttling, or misrepresented product claims. They are often brought by consumer-protection regulators and state attorneys general rather than data or competition authorities."
    },
    {
      "slug": "children-safety",
      "title": "Children's Safety",
      "short": "Children",
      "tag": "rose",
      "tagline": "Collecting children's data or exposing minors without safeguards.",
      "intro": "Children's-safety cases cover the unlawful collection of minors' data (in the US under COPPA) and design choices that expose children, such as default-public accounts or visible contact details. Regulators treat these as aggravating because minors cannot meaningfully consent."
    },
    {
      "slug": "dark-patterns",
      "title": "Dark Patterns",
      "short": "Dark patterns",
      "tag": "indigo",
      "tagline": "Interface designs that nudge or trap users into unwanted choices.",
      "intro": "Dark patterns are interface designs that manipulate users: making it far harder to refuse cookies than to accept them, or burying subscription cancellation behind deliberate friction. Both EU cookie-consent enforcement and the FTC's Prime case fall here."
    },
    {
      "slug": "biometrics",
      "title": "Biometric Data",
      "short": "Biometrics",
      "tag": "rose",
      "tagline": "Capturing faceprints or voiceprints without consent.",
      "intro": "Biometric cases concern the capture of faceprints, voiceprints, and similar identifiers without consent. US state laws (notably Illinois' BIPA and Texas' biometric statute) have produced some of the largest single-jurisdiction settlements on record."
    },
    {
      "slug": "tax",
      "title": "Tax & State Aid",
      "short": "Tax",
      "tag": "olive",
      "tagline": "Recovery of unlawful tax advantages (not a penalty).",
      "intro": "State-aid tax recoveries are not fines. The European Commission orders a company to repay tax benefits a member state granted unlawfully. They are included here because of their scale and prominence, and because their appeal histories are instructive; the methodology page explains the distinction."
    },
    {
      "slug": "content-moderation",
      "title": "Content & Speech",
      "short": "Content",
      "tag": "amber",
      "tagline": "Compliance with content-removal and platform-conduct orders.",
      "intro": "These cases concern compliance with national content-removal rules and platform-conduct obligations. Enforcement and collection can be complicated by geopolitics, so headline amounts do not always translate into money actually paid."
    },
    {
      "slug": "security-breach",
      "title": "Security & Data Exposure",
      "short": "Security",
      "tag": "ocean",
      "tagline": "Design failures that exposed user data to leakage or misuse.",
      "intro": "Security cases involve design failures that let personal data be scraped, leaked, or improperly accessed. They overlap heavily with privacy but centre on a breach of the duty to secure data rather than the legal basis for processing it."
    }
  ],
  "companies": [
    {
      "slug": "google",
      "name": "Google",
      "legalName": "Alphabet Inc.",
      "blurb": "The world's dominant search engine and mobile-OS vendor (Android), and one of the two largest digital-advertising companies. Its penalty record spans EU antitrust, US privacy, and repeated French cookie-consent enforcement."
    },
    {
      "slug": "meta",
      "name": "Meta",
      "legalName": "Meta Platforms, Inc.",
      "blurb": "Owner of Facebook, Instagram, and WhatsApp. Meta holds the record for the most separate major GDPR penalties and the largest GDPR fine to date, alongside record US privacy and biometric settlements."
    },
    {
      "slug": "apple",
      "name": "Apple",
      "legalName": "Apple Inc.",
      "blurb": "The iPhone and App Store maker. Its fines cluster around App Store rules, anti-steering, and consumer-protection cases (Batterygate), including the first Digital Markets Act penalty."
    },
    {
      "slug": "microsoft",
      "name": "Microsoft",
      "legalName": "Microsoft Corporation",
      "blurb": "Owner of Windows, Bing, and LinkedIn. Microsoft was the defendant in the landmark 2004 EU antitrust case, and LinkedIn drew a major GDPR fine in 2024."
    },
    {
      "slug": "amazon",
      "name": "Amazon",
      "legalName": "Amazon.com, Inc.",
      "blurb": "The largest Western e-commerce and cloud company, owner of Alexa and Ring. Its record includes the largest GDPR fine ever issued (Luxembourg) and a $2.5B FTC dark-patterns settlement over Prime."
    },
    {
      "slug": "openai",
      "name": "OpenAI",
      "legalName": "OpenAI, L.L.C.",
      "blurb": "The maker of ChatGPT. Far younger than the other companies here, OpenAI has a short but growing regulatory record centred on how it trains models on personal data."
    },
    {
      "slug": "tiktok",
      "name": "TikTok",
      "legalName": "ByteDance Ltd.",
      "blurb": "The short-video platform owned by ByteDance. Its EU penalties centre on children's safety and unlawful transfers of user data to China."
    },
    {
      "slug": "x",
      "name": "X (Twitter)",
      "legalName": "X Corp.",
      "blurb": "The social platform formerly known as Twitter. Its notable penalty concerns using security phone numbers for ad targeting."
    },
    {
      "slug": "uber",
      "name": "Uber",
      "legalName": "Uber Technologies, Inc.",
      "blurb": "The ride-hailing company. Its largest privacy penalty concerned transferring EU drivers' data, including sensitive documents, to the US without safeguards."
    },
    {
      "slug": "didi",
      "name": "Didi",
      "legalName": "DiDi Global Inc.",
      "blurb": "China's dominant ride-hailing company. Its 2022 penalty was one of the largest data-security actions ever brought by a national regulator."
    }
  ],
  "regulators": [
    {
      "slug": "european-commission",
      "name": "European Commission",
      "short": "EC",
      "jurisdiction": "EU",
      "blurb": "The EU's executive and its primary antitrust enforcer, and the authority behind Digital Markets Act fines and state-aid tax recoveries.",
      "url": "https://competition-cases.ec.europa.eu"
    },
    {
      "slug": "irish-dpc",
      "name": "Irish Data Protection Commission",
      "short": "DPC",
      "jurisdiction": "Ireland / EU",
      "blurb": "Lead GDPR authority for most US tech firms with EU headquarters in Dublin. The most consequential privacy regulator by fine volume.",
      "url": "https://www.dataprotection.ie/en/news-media/press-releases"
    },
    {
      "slug": "cnil",
      "name": "CNIL",
      "short": "CNIL",
      "jurisdiction": "France",
      "blurb": "France's data-protection authority, notable for aggressive enforcement of cookie-consent rules under the ePrivacy Directive.",
      "url": "https://www.cnil.fr/en/sanctions"
    },
    {
      "slug": "ftc",
      "name": "US Federal Trade Commission",
      "short": "FTC",
      "jurisdiction": "US",
      "blurb": "The main US consumer-protection and privacy enforcer, acting under the FTC Act and COPPA against deception, dark patterns, and children's-data violations.",
      "url": "https://www.ftc.gov/news-events/news/press-releases"
    },
    {
      "slug": "autorite-concurrence",
      "name": "Autorité de la concurrence",
      "short": "Autorité",
      "jurisdiction": "France",
      "blurb": "France's competition authority, active on ad-tech self-preferencing, news-copyright bargaining, and distribution practices.",
      "url": "https://www.autoritedelaconcurrence.fr/en"
    },
    {
      "slug": "cci",
      "name": "Competition Commission of India",
      "short": "CCI",
      "jurisdiction": "India",
      "blurb": "India's competition regulator, which fined Google over Android and Play Store billing dominance.",
      "url": "https://www.cci.gov.in"
    },
    {
      "slug": "kftc",
      "name": "Korea Fair Trade Commission",
      "short": "KFTC",
      "jurisdiction": "South Korea",
      "blurb": "South Korea's competition authority, which penalised Google over restrictions on customised Android versions.",
      "url": "https://www.ftc.go.kr/eng"
    },
    {
      "slug": "pipc",
      "name": "Personal Information Protection Commission",
      "short": "PIPC",
      "jurisdiction": "South Korea",
      "blurb": "South Korea's data-protection authority, which fined Meta over sensitive-data collection for advertising.",
      "url": "https://www.pipc.go.kr/eng"
    },
    {
      "slug": "acm",
      "name": "Authority for Consumers and Markets",
      "short": "ACM",
      "jurisdiction": "Netherlands",
      "blurb": "The Dutch competition and consumer authority, which imposed weekly penalties on Apple over dating-app payment rules.",
      "url": "https://www.acm.nl/en"
    },
    {
      "slug": "agcm",
      "name": "Autorità Garante della Concorrenza e del Mercato",
      "short": "AGCM",
      "jurisdiction": "Italy",
      "blurb": "Italy's competition and consumer authority, active against Amazon logistics self-preferencing and Apple consumer claims.",
      "url": "https://en.agcm.it"
    },
    {
      "slug": "garante",
      "name": "Garante per la protezione dei dati personali",
      "short": "Garante",
      "jurisdiction": "Italy",
      "blurb": "Italy's data-protection authority, which brought the first major GDPR action against ChatGPT.",
      "url": "https://www.garanteprivacy.it/home_en"
    },
    {
      "slug": "cnpd",
      "name": "Commission Nationale pour la Protection des Données",
      "short": "CNPD",
      "jurisdiction": "Luxembourg",
      "blurb": "Luxembourg's data-protection authority, lead GDPR regulator for Amazon's EU operations.",
      "url": "https://cnpd.public.lu/en.html"
    },
    {
      "slug": "dutch-dpa",
      "name": "Autoriteit Persoonsgegevens",
      "short": "AP",
      "jurisdiction": "Netherlands",
      "blurb": "The Dutch data-protection authority, which fined Uber over transfers of EU driver data to the US.",
      "url": "https://autoriteitpersoonsgegevens.nl/en"
    },
    {
      "slug": "ico",
      "name": "Information Commissioner's Office",
      "short": "ICO",
      "jurisdiction": "United Kingdom",
      "blurb": "The UK's data-protection authority, which issued the pre-GDPR maximum penalty over Cambridge Analytica.",
      "url": "https://ico.org.uk"
    },
    {
      "slug": "dgccrf",
      "name": "DGCCRF",
      "short": "DGCCRF",
      "jurisdiction": "France",
      "blurb": "France's consumer-protection and fraud-control directorate, which fined Apple over undisclosed iPhone throttling.",
      "url": "https://www.economie.gouv.fr/dgccrf"
    },
    {
      "slug": "cac",
      "name": "Cyberspace Administration of China",
      "short": "CAC",
      "jurisdiction": "China",
      "blurb": "China's internet regulator, which imposed a sweeping data-security penalty on Didi.",
      "url": "https://www.cac.gov.cn"
    },
    {
      "slug": "texas-ag",
      "name": "Texas Attorney General",
      "short": "Texas AG",
      "jurisdiction": "US (Texas)",
      "blurb": "The Texas Attorney General, which secured the two largest single-state privacy settlements, against Meta and Google.",
      "url": "https://www.texasattorneygeneral.gov/news"
    },
    {
      "slug": "us-states",
      "name": "US State Attorneys General",
      "short": "US States",
      "jurisdiction": "US (multistate)",
      "blurb": "Coalitions of state attorneys general that negotiate multistate settlements over privacy, antitrust, and consumer-protection conduct."
    },
    {
      "slug": "us-court",
      "name": "US Federal Court",
      "short": "US Court",
      "jurisdiction": "US",
      "blurb": "US federal courts that approved major class-action settlements over consumer and privacy claims."
    },
    {
      "slug": "illinois-court",
      "name": "Illinois State Court",
      "short": "Illinois",
      "jurisdiction": "US (Illinois)",
      "blurb": "Illinois courts that approved class-action settlements under the Biometric Information Privacy Act (BIPA)."
    },
    {
      "slug": "roskomnadzor",
      "name": "Roskomnadzor",
      "short": "RKN",
      "jurisdiction": "Russia",
      "blurb": "Russia's communications and media regulator, which levied turnover fines on Google over content-removal compliance."
    }
  ],
  "violations": [
    {
      "slug": "google-eu-shopping-2017",
      "company": "google",
      "title": "Google fined €2.42B for favouring its own shopping service",
      "year": 2017,
      "dateAnnounced": "2017-06-27",
      "jurisdiction": "EU",
      "regulator": "european-commission",
      "law": "Antitrust (Art. 102 TFEU)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 2420000000,
        "currency": "EUR",
        "usdApprox": 2610000000
      },
      "penaltyType": "fine",
      "status": "final",
      "statusHistory": [
        {
          "date": "2024-09-10",
          "event": "Upheld by the EU Court of Justice, ending the appeal."
        }
      ],
      "summary": "The European Commission found that Google abused its search dominance by systematically placing its own comparison-shopping service at the top of results while demoting rival services.",
      "userImpact": "Users were steered toward Google's own shopping results rather than the cheapest or most relevant options, and rival comparison sites lost the visibility that let consumers find better prices.",
      "sources": [
        {
          "title": "European Commission press release (IP/17/1784)",
          "url": "https://ec.europa.eu/commission/presscorner/detail/en/IP_17_1784",
          "type": "regulator"
        }
      ],
      "related": [
        "google-eu-adtech-2025",
        "google-france-adtech-2021"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-eu-android-2018",
      "company": "google",
      "subBrand": "Android",
      "title": "Google fined €4.34B over Android licensing restrictions",
      "year": 2018,
      "dateAnnounced": "2018-07-18",
      "jurisdiction": "EU",
      "regulator": "european-commission",
      "law": "Antitrust (Art. 102 TFEU)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 4125000000,
        "currency": "EUR",
        "usdApprox": 4455000000
      },
      "penaltyType": "fine",
      "status": "reduced",
      "statusHistory": [
        {
          "date": "2018-07-18",
          "event": "Original fine of €4.34B imposed.",
          "newAmountUsd": 4690000000
        },
        {
          "date": "2022-09-14",
          "event": "Reduced to €4.125B by the EU General Court.",
          "newAmountUsd": 4455000000
        }
      ],
      "summary": "The Commission ruled that Google required phone makers to pre-install Search and Chrome as a condition of licensing the Play Store, paid manufacturers for exclusivity, and blocked forked versions of Android. It remains the largest antitrust fine the EU has issued.",
      "userImpact": "Search-engine and browser choice was reduced by default on billions of Android devices, entrenching Google's data collection as the out-of-the-box option.",
      "sources": [
        {
          "title": "European Commission press release (IP/18/4581)",
          "url": "https://ec.europa.eu/commission/presscorner/detail/en/IP_18_4581",
          "type": "regulator"
        }
      ],
      "related": [
        "google-india-android-2022",
        "google-southkorea-android-2021"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-eu-adsense-2019",
      "company": "google",
      "subBrand": "AdSense",
      "title": "Google's €1.49B AdSense fine, later annulled",
      "year": 2019,
      "dateAnnounced": "2019-03-20",
      "jurisdiction": "EU",
      "regulator": "european-commission",
      "law": "Antitrust (Art. 102 TFEU)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 1490000000,
        "currency": "EUR",
        "usdApprox": 1610000000
      },
      "penaltyType": "fine",
      "status": "annulled",
      "statusHistory": [
        {
          "date": "2019-03-20",
          "event": "€1.49B fine imposed for restrictive AdSense clauses."
        },
        {
          "date": "2024-09-18",
          "event": "Annulled by the EU General Court; the Commission's abuse findings were not fully upheld.",
          "newAmountUsd": 0
        }
      ],
      "summary": "The Commission fined Google for imposing clauses on websites using AdSense for Search that blocked them from displaying rival search ads. In September 2024 the EU General Court annulled the decision.",
      "userImpact": "The alleged conduct reduced competition in search advertising, which indirectly raised costs and limited the range of ad-funded services available to users.",
      "sources": [
        {
          "title": "European Commission press release (IP/19/1770)",
          "url": "https://ec.europa.eu/commission/presscorner/detail/en/IP_19_1770",
          "type": "regulator"
        }
      ],
      "related": [
        "google-eu-adtech-2025"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-eu-adtech-2025",
      "company": "google",
      "title": "Google fined €2.95B over ad-tech self-preferencing",
      "year": 2025,
      "dateAnnounced": "2025-09-05",
      "jurisdiction": "EU",
      "regulator": "european-commission",
      "law": "Antitrust (Art. 102 TFEU)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 2950000000,
        "currency": "EUR",
        "usdApprox": 3500000000
      },
      "penaltyType": "fine",
      "status": "under-appeal",
      "summary": "The Commission found that Google abused its dominance across the advertising-technology stack by favouring its own ad exchange (AdX) in both its publisher ad server and its ad-buying tools, a conflict of interest across the chain.",
      "userImpact": "Publishers earned less and advertisers paid more, costs that flow through to consumers, and the open web's ad-funded model was weakened.",
      "sources": [
        {
          "title": "European Commission competition case search",
          "url": "https://competition-cases.ec.europa.eu",
          "type": "regulator"
        },
        {
          "title": "Euronews: EU actions on Big Tech in 2025",
          "url": "https://www.euronews.com/next/2025/12/17/eu-takes-on-big-tech-here-are-the-top-actions-regulators-have-taken-in-2025",
          "type": "news"
        }
      ],
      "related": [
        "google-eu-shopping-2017",
        "google-france-adtech-2021"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-us-youtube-coppa-2019",
      "company": "google",
      "subBrand": "YouTube",
      "title": "YouTube's $170M COPPA settlement over children's data",
      "year": 2019,
      "dateAnnounced": "2019-09-04",
      "jurisdiction": "US",
      "regulator": "ftc",
      "law": "COPPA",
      "category": [
        "privacy",
        "children-safety"
      ],
      "amount": {
        "value": 170000000,
        "currency": "USD",
        "usdApprox": 170000000
      },
      "penaltyType": "settlement",
      "status": "paid",
      "summary": "The FTC and the New York Attorney General alleged that YouTube collected personal data from viewers of child-directed channels through cookies, without parental consent, and used it for targeted advertising. It was a record COPPA penalty at the time.",
      "userImpact": "Children were tracked and profiled for advertising in violation of US children's privacy law.",
      "sources": [
        {
          "title": "FTC press release",
          "url": "https://www.ftc.gov/news-events/news/press-releases/2019/09/google-youtube-will-pay-record-170-million-alleged-violations-childrens-privacy-law",
          "type": "regulator"
        }
      ],
      "related": [
        "amazon-us-alexa-coppa-2023"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-us-location-2022",
      "company": "google",
      "title": "Google's $391.5M location-tracking settlement",
      "year": 2022,
      "dateAnnounced": "2022-11-14",
      "jurisdiction": "US",
      "regulator": "us-states",
      "law": "State consumer-protection law",
      "category": [
        "privacy",
        "consumer-deception"
      ],
      "amount": {
        "value": 391500000,
        "currency": "USD",
        "usdApprox": 391500000
      },
      "penaltyType": "settlement",
      "status": "paid",
      "summary": "Forty US states settled claims that Google misled users into believing location tracking was off while it kept collecting location data through other settings such as Web & App Activity. It was the largest multistate privacy settlement at the time.",
      "userImpact": "Users who explicitly opted out of location history were still tracked, and their movements fed advertising profiles without informed consent.",
      "sources": [
        {
          "title": "Michigan AG announcement (multistate settlement)",
          "url": "https://www.michigan.gov/ag/news/press-releases/2022/11/14/ag-nessel-google-settlement",
          "type": "regulator"
        },
        {
          "title": "Proton: Big Tech fines analysis",
          "url": "https://proton.me/blog/big-tech-three-billion-fines",
          "type": "news"
        }
      ],
      "related": [
        "google-us-texas-biometric-2025"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-us-play-2023",
      "company": "google",
      "subBrand": "Play Store",
      "title": "Google's $700M Play Store settlement with US states",
      "year": 2023,
      "dateAnnounced": "2023-12-18",
      "jurisdiction": "US",
      "regulator": "us-states",
      "law": "State antitrust law",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 700000000,
        "currency": "USD",
        "usdApprox": 700000000
      },
      "penaltyType": "settlement",
      "status": "paid",
      "summary": "All 50 states settled antitrust claims over Play Store billing restrictions and deals that limited rival app stores. Of the total, $630M went to a consumer fund and $70M to the states.",
      "userImpact": "Mandatory in-app commissions of roughly 30% inflated prices; the consumer fund refunded affected US buyers.",
      "sources": [
        {
          "title": "Utah AG announcement",
          "url": "https://attorneygeneral.utah.gov",
          "type": "regulator"
        },
        {
          "title": "Wikipedia: Google Play antitrust",
          "url": "https://en.wikipedia.org/wiki/Google_Play#Antitrust",
          "type": "news"
        }
      ],
      "related": [
        "apple-eu-dma-appstore-2025",
        "google-india-play-2022"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-us-texas-biometric-2025",
      "company": "google",
      "title": "Google's $1.375B Texas biometric and privacy settlement",
      "year": 2025,
      "dateAnnounced": "2025-05-09",
      "jurisdiction": "US (Texas)",
      "regulator": "texas-ag",
      "law": "Texas CUBI / DTPA",
      "category": [
        "biometrics",
        "privacy"
      ],
      "amount": {
        "value": 1375000000,
        "currency": "USD",
        "usdApprox": 1375000000
      },
      "penaltyType": "settlement",
      "status": "paid",
      "summary": "Texas settled claims that Google unlawfully captured biometric data such as face and voice identifiers and made misleading claims about Incognito mode and location tracking. It is one of the largest single-state privacy settlements on record.",
      "userImpact": "Texans' biometric identifiers and browsing behaviour were collected without the consent the law requires.",
      "sources": [
        {
          "title": "Texas Attorney General newsroom",
          "url": "https://www.texasattorneygeneral.gov/news",
          "type": "regulator"
        }
      ],
      "related": [
        "meta-us-texas-biometric-2024",
        "google-us-location-2022"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-france-cnil-consent-2019",
      "company": "google",
      "title": "CNIL fines Google €50M over Android ad consent",
      "year": 2019,
      "dateAnnounced": "2019-01-21",
      "jurisdiction": "France",
      "regulator": "cnil",
      "law": "GDPR",
      "category": [
        "privacy"
      ],
      "amount": {
        "value": 50000000,
        "currency": "EUR",
        "usdApprox": 54000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "France's CNIL issued one of the first major GDPR fines, finding that Google lacked transparency and valid consent for ads personalisation during Android device setup.",
      "userImpact": "Users could not easily understand or control how their data was used across roughly 20 Google services.",
      "sources": [
        {
          "title": "CNIL decision (English)",
          "url": "https://www.cnil.fr/en/cnils-restricted-committee-imposes-financial-penalty-50-million-euros-against-google-llc",
          "type": "regulator"
        }
      ],
      "related": [
        "google-france-cookies-2020"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-france-cookies-2020",
      "company": "google",
      "title": "CNIL fines Google €100M over advertising cookies",
      "year": 2020,
      "dateAnnounced": "2020-12-10",
      "jurisdiction": "France",
      "regulator": "cnil",
      "law": "ePrivacy (cookie consent)",
      "category": [
        "privacy",
        "dark-patterns"
      ],
      "amount": {
        "value": 100000000,
        "currency": "EUR",
        "usdApprox": 108000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The CNIL fined Google for placing advertising cookies on users' devices without prior consent and without adequate information.",
      "userImpact": "Visitors to Google's French services were tracked for advertising the moment they arrived, before any choice was offered.",
      "sources": [
        {
          "title": "CNIL (France) sanctions",
          "url": "https://www.cnil.fr/en/sanctions",
          "type": "regulator"
        }
      ],
      "related": [
        "google-france-cookies-2021",
        "amazon-france-cookies-2020"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-france-cookies-2021",
      "company": "google",
      "title": "CNIL fines Google €150M over hard-to-refuse cookies",
      "year": 2022,
      "dateAnnounced": "2022-01-06",
      "jurisdiction": "France",
      "regulator": "cnil",
      "law": "ePrivacy (cookie consent)",
      "category": [
        "privacy",
        "dark-patterns"
      ],
      "amount": {
        "value": 150000000,
        "currency": "EUR",
        "usdApprox": 162000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The CNIL found that Google made refusing cookies far harder than accepting them, a dark-pattern design that did not amount to valid consent.",
      "userImpact": "Users were nudged into tracking because the reject option required more steps than a single click to accept.",
      "sources": [
        {
          "title": "CNIL (France) sanctions",
          "url": "https://www.cnil.fr/en/sanctions",
          "type": "regulator"
        }
      ],
      "related": [
        "google-france-cookies-2020",
        "microsoft-france-bing-cookies-2022"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-france-cookies-2025",
      "company": "google",
      "subBrand": "Gmail",
      "title": "CNIL fines Google €325M over Gmail ads and cookies",
      "year": 2025,
      "dateAnnounced": "2025-09-03",
      "jurisdiction": "France",
      "regulator": "cnil",
      "law": "ePrivacy (cookie consent)",
      "category": [
        "privacy",
        "dark-patterns"
      ],
      "amount": {
        "value": 325000000,
        "currency": "EUR",
        "usdApprox": 351000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The CNIL's largest cookie penalty against Google covered advertising inserted directly into Gmail inboxes without consent, alongside continued cookie-consent failures.",
      "userImpact": "Gmail users saw ads placed among their messages, and were tracked, without having agreed to it.",
      "sources": [
        {
          "title": "CNIL (France) sanctions",
          "url": "https://www.cnil.fr/en/sanctions",
          "type": "regulator"
        }
      ],
      "related": [
        "google-france-cookies-2021"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-france-news-copyright-2021",
      "company": "google",
      "title": "Google fined €500M over news-copyright bargaining",
      "year": 2021,
      "dateAnnounced": "2021-07-13",
      "jurisdiction": "France",
      "regulator": "autorite-concurrence",
      "law": "Neighbouring rights / competition",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 500000000,
        "currency": "EUR",
        "usdApprox": 540000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "France's competition authority fined Google for failing to negotiate in good faith with news publishers over payment for news snippets under the EU's neighbouring-rights rules.",
      "userImpact": "The dispute undermined the economics of the journalism that users rely on for news.",
      "sources": [
        {
          "title": "Autorité de la concurrence",
          "url": "https://www.autoritedelaconcurrence.fr/en",
          "type": "regulator"
        }
      ],
      "related": [
        "google-france-adtech-2021"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-france-adtech-2021",
      "company": "google",
      "title": "Google fined €220M for ad-tech self-preferencing (France)",
      "year": 2021,
      "dateAnnounced": "2021-06-07",
      "jurisdiction": "France",
      "regulator": "autorite-concurrence",
      "law": "Antitrust (self-preferencing)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 220000000,
        "currency": "EUR",
        "usdApprox": 238000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "France's competition authority found that Google favoured its own ad server and ad exchange in online display advertising, and accepted binding commitments alongside the fine.",
      "userImpact": "Publisher revenues were weakened, reducing the funding available for free online content.",
      "sources": [
        {
          "title": "Autorité de la concurrence",
          "url": "https://www.autoritedelaconcurrence.fr/en",
          "type": "regulator"
        }
      ],
      "related": [
        "google-eu-adtech-2025",
        "google-france-news-copyright-2021"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-india-android-2022",
      "company": "google",
      "subBrand": "Android",
      "title": "CCI fines Google ₹1,337 crore over Android dominance",
      "year": 2022,
      "dateAnnounced": "2022-10-20",
      "jurisdiction": "India",
      "regulator": "cci",
      "law": "Antitrust (Competition Act, 2002)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 13377600000,
        "currency": "INR",
        "usdApprox": 161000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The Competition Commission of India fined Google for abusing Android's dominance through forced pre-installs and anti-forking restrictions on device makers.",
      "userImpact": "Device and app choice was restricted for Indian users, and Google's services were locked in by default.",
      "sources": [
        {
          "title": "Competition Commission of India",
          "url": "https://www.cci.gov.in",
          "type": "regulator"
        }
      ],
      "related": [
        "google-eu-android-2018",
        "google-india-play-2022"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-india-play-2022",
      "company": "google",
      "subBrand": "Play Store",
      "title": "CCI fines Google ₹936 crore over Play Store billing",
      "year": 2022,
      "dateAnnounced": "2022-10-25",
      "jurisdiction": "India",
      "regulator": "cci",
      "law": "Antitrust (Competition Act, 2002)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 9364400000,
        "currency": "INR",
        "usdApprox": 113000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "In a companion decision, the CCI fined Google for forcing app developers to use Google Play Billing and its associated commission.",
      "userImpact": "In-app payment costs were inflated for Indian users through mandatory billing.",
      "sources": [
        {
          "title": "Competition Commission of India",
          "url": "https://www.cci.gov.in",
          "type": "regulator"
        }
      ],
      "related": [
        "google-india-android-2022",
        "google-us-play-2023"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-us-safari-2012",
      "company": "google",
      "title": "Google's $22.5M FTC fine over Safari cookie tracking",
      "year": 2012,
      "dateAnnounced": "2012-08-09",
      "jurisdiction": "US",
      "regulator": "ftc",
      "law": "FTC Act (consent order)",
      "category": [
        "privacy",
        "consumer-deception"
      ],
      "amount": {
        "value": 22500000,
        "currency": "USD",
        "usdApprox": 22500000
      },
      "penaltyType": "settlement",
      "status": "paid",
      "summary": "The FTC penalised Google for circumventing Safari's default cookie-blocking to track users for advertising, despite telling those users they were protected. It was a record FTC civil penalty at the time.",
      "userImpact": "Millions of Safari users were tracked after being told they would not be.",
      "sources": [
        {
          "title": "FTC press release",
          "url": "https://www.ftc.gov/news-events/news/press-releases/2012/08/google-will-pay-225-million-settle-ftc-charges-it-misrepresented",
          "type": "regulator"
        }
      ],
      "related": [
        "google-france-cookies-2020"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-southkorea-android-2021",
      "company": "google",
      "subBrand": "Android",
      "title": "KFTC fines Google KRW 207B over Android restrictions",
      "year": 2021,
      "dateAnnounced": "2021-09-14",
      "jurisdiction": "South Korea",
      "regulator": "kftc",
      "law": "Antitrust",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 207400000000,
        "currency": "KRW",
        "usdApprox": 177000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "South Korea's Fair Trade Commission fined Google for blocking device makers from using customised (forked) versions of Android.",
      "userImpact": "The restrictions limited the range of Android-based devices available to Korean consumers.",
      "sources": [
        {
          "title": "Korea Fair Trade Commission",
          "url": "https://www.ftc.go.kr/eng",
          "type": "regulator"
        }
      ],
      "related": [
        "google-eu-android-2018"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "google-russia-content-2022",
      "company": "google",
      "subBrand": "YouTube",
      "title": "Roskomnadzor's turnover fine over content removal",
      "year": 2022,
      "dateAnnounced": "2022-07-18",
      "jurisdiction": "Russia",
      "regulator": "roskomnadzor",
      "law": "Content-removal law (turnover fine)",
      "category": [
        "content-moderation"
      ],
      "amount": {
        "value": 21100000000,
        "currency": "RUB",
        "usdApprox": 358000000
      },
      "penaltyType": "fine",
      "status": "under-appeal",
      "summary": "Russia imposed a turnover-based fine on Google for repeatedly failing to delete content the government deemed banned, following an earlier 2021 penalty. Enforcement and collection were complicated after 2022, and the amounts are largely uncollected in practice.",
      "userImpact": "The case centred on state content-removal compliance rather than direct consumer harm.",
      "details": "Russia has since escalated to astronomical, compounding turnover fines against Google that exceed any real-world value. This directory records the 2022 headline figure with the caveat that it does not reflect money paid.",
      "sources": [
        {
          "title": "Reuters coverage of the Russian fine",
          "url": "https://www.reuters.com",
          "type": "news"
        }
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "meta-us-ftc-privacy-2019",
      "company": "meta",
      "title": "Facebook's $5B FTC penalty after Cambridge Analytica",
      "year": 2019,
      "dateAnnounced": "2019-07-24",
      "jurisdiction": "US",
      "regulator": "ftc",
      "law": "FTC Act (2012 consent order)",
      "category": [
        "privacy"
      ],
      "amount": {
        "value": 5000000000,
        "currency": "USD",
        "usdApprox": 5000000000
      },
      "penaltyType": "settlement",
      "status": "paid",
      "summary": "The FTC imposed a $5B penalty and sweeping new privacy restrictions after finding that Facebook deceived users about their ability to control personal data, in violation of a 2012 consent order. Third-party apps had harvested data on up to 87 million users in the Cambridge Analytica episode. It was the largest privacy penalty in history at the time.",
      "userImpact": "Personal data of tens of millions of people was exploited for political profiling and ad targeting without meaningful consent.",
      "details": "Meta also paid a separate $100M SEC settlement in 2019 for misleading investors about the same misuse.",
      "sources": [
        {
          "title": "FTC press release",
          "url": "https://www.ftc.gov/news-events/news/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions-facebook",
          "type": "regulator"
        }
      ],
      "related": [
        "meta-us-illinois-bipa-2021",
        "meta-eu-data-transfers-2023"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "meta-eu-data-transfers-2023",
      "company": "meta",
      "subBrand": "Facebook",
      "title": "Meta's record €1.2B GDPR fine over EU-US transfers",
      "year": 2023,
      "dateAnnounced": "2023-05-22",
      "jurisdiction": "Ireland / EU",
      "regulator": "irish-dpc",
      "law": "GDPR",
      "category": [
        "privacy"
      ],
      "amount": {
        "value": 1200000000,
        "currency": "EUR",
        "usdApprox": 1300000000
      },
      "penaltyType": "fine",
      "status": "under-appeal",
      "statusHistory": [
        {
          "date": "2023-05-22",
          "event": "€1.2B fine plus an order to suspend transfers and delete unlawfully transferred data."
        }
      ],
      "summary": "The Irish DPC fined Meta for continuing to transfer EU users' personal data to US servers after the Schrems II ruling, exposing that data to potential US surveillance without adequate safeguards. It is the largest GDPR fine ever issued.",
      "userImpact": "Hundreds of millions of EU Facebook users' data lacked the legally required protection from foreign government access.",
      "sources": [
        {
          "title": "IAPP: Meta fined €1.2B",
          "url": "https://iapp.org/news/a/meta-fined-gdpr-record-1-2-billion-euros-in-data-transfer-case",
          "type": "news"
        },
        {
          "title": "Irish DPC press releases",
          "url": "https://www.dataprotection.ie/en/news-media/press-releases",
          "type": "regulator"
        }
      ],
      "related": [
        "meta-us-ftc-privacy-2019",
        "tiktok-ireland-datatransfers-2025"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "meta-ireland-ads-legalbasis-2023",
      "company": "meta",
      "title": "Meta fined €390M over the legal basis for ads",
      "year": 2023,
      "dateAnnounced": "2023-01-04",
      "jurisdiction": "Ireland / EU",
      "regulator": "irish-dpc",
      "law": "GDPR",
      "category": [
        "privacy"
      ],
      "amount": {
        "value": 390000000,
        "currency": "EUR",
        "usdApprox": 421000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The DPC found that Facebook (€210M) and Instagram (€180M) relied on a terms-of-service contract, rather than valid consent, to justify personalised advertising. The decision forced a change in how Meta seeks a legal basis for ads.",
      "userImpact": "Users had no genuine choice to refuse behavioural advertising while continuing to use the services.",
      "sources": [
        {
          "title": "Irish DPC press releases",
          "url": "https://www.dataprotection.ie/en/news-media/press-releases",
          "type": "regulator"
        }
      ],
      "related": [
        "meta-eu-dma-payorconsent-2025",
        "microsoft-ireland-linkedin-2024"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "meta-ireland-scraping-2022",
      "company": "meta",
      "subBrand": "Facebook",
      "title": "Meta fined €265M over data scraping",
      "year": 2022,
      "dateAnnounced": "2022-11-25",
      "jurisdiction": "Ireland / EU",
      "regulator": "irish-dpc",
      "law": "GDPR",
      "category": [
        "privacy",
        "security-breach"
      ],
      "amount": {
        "value": 265000000,
        "currency": "EUR",
        "usdApprox": 286000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The DPC found that design failures allowed the scraping of roughly 533 million users' phone numbers and personal details, which were later leaked online.",
      "userImpact": "Hundreds of millions of people were exposed to spam, phishing, and SIM-swap attacks after their contact details leaked.",
      "sources": [
        {
          "title": "Irish DPC press releases",
          "url": "https://www.dataprotection.ie/en/news-media/press-releases",
          "type": "regulator"
        }
      ],
      "related": [
        "meta-ireland-breach-2022"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "meta-ireland-instagram-children-2022",
      "company": "meta",
      "subBrand": "Instagram",
      "title": "Instagram fined €405M over children's data",
      "year": 2022,
      "dateAnnounced": "2022-09-05",
      "jurisdiction": "Ireland / EU",
      "regulator": "irish-dpc",
      "law": "GDPR",
      "category": [
        "privacy",
        "children-safety"
      ],
      "amount": {
        "value": 405000000,
        "currency": "EUR",
        "usdApprox": 437000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The DPC found that Instagram business accounts publicly exposed children's phone numbers and email addresses by default.",
      "userImpact": "Minors' contact details were publicly visible, creating real-world safety risks.",
      "sources": [
        {
          "title": "Irish DPC press releases",
          "url": "https://www.dataprotection.ie/en/news-media/press-releases",
          "type": "regulator"
        },
        {
          "title": "Proton: Big Tech fines analysis",
          "url": "https://proton.me/blog/big-tech-three-billion-fines",
          "type": "news"
        }
      ],
      "related": [
        "tiktok-ireland-children-2023"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "meta-ireland-whatsapp-2021",
      "company": "meta",
      "subBrand": "WhatsApp",
      "title": "WhatsApp fined €225M over transparency",
      "year": 2021,
      "dateAnnounced": "2021-09-02",
      "jurisdiction": "Ireland / EU",
      "regulator": "irish-dpc",
      "law": "GDPR",
      "category": [
        "privacy"
      ],
      "amount": {
        "value": 225000000,
        "currency": "EUR",
        "usdApprox": 243000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The DPC found that WhatsApp failed to properly explain to users and non-users how their data was processed and shared with other Meta companies.",
      "userImpact": "Users could not make informed decisions about data sharing between WhatsApp and Facebook.",
      "sources": [
        {
          "title": "Irish DPC press releases",
          "url": "https://www.dataprotection.ie/en/news-media/press-releases",
          "type": "regulator"
        }
      ],
      "related": [
        "meta-ireland-ads-legalbasis-2023"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "meta-eu-marketplace-2024",
      "company": "meta",
      "subBrand": "Facebook Marketplace",
      "title": "Meta fined €797M over Facebook Marketplace",
      "year": 2024,
      "dateAnnounced": "2024-11-14",
      "jurisdiction": "EU",
      "regulator": "european-commission",
      "law": "Antitrust (Art. 102 TFEU)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 797720000,
        "currency": "EUR",
        "usdApprox": 861500000
      },
      "penaltyType": "fine",
      "status": "under-appeal",
      "summary": "The European Commission found that Meta tied Facebook Marketplace to its social network and imposed unfair conditions on rival online-classifieds services.",
      "userImpact": "Competing classifieds services were disadvantaged, limiting choice for EU users.",
      "sources": [
        {
          "title": "European Commission competition case search",
          "url": "https://competition-cases.ec.europa.eu",
          "type": "regulator"
        }
      ],
      "related": [
        "meta-eu-dma-payorconsent-2025"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "meta-eu-dma-payorconsent-2025",
      "company": "meta",
      "title": "Meta's €200M DMA fine over 'pay or consent'",
      "year": 2025,
      "dateAnnounced": "2025-04-23",
      "jurisdiction": "EU",
      "regulator": "european-commission",
      "law": "DMA",
      "category": [
        "consumer-deception",
        "privacy"
      ],
      "amount": {
        "value": 200000000,
        "currency": "EUR",
        "usdApprox": 216000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "In one of the first Digital Markets Act fines, the Commission found that Meta's pay-or-consent model forced Facebook and Instagram users to either pay a subscription or accept full data combination for personalised ads, without a genuine less-data alternative. Meta adjusted the model after the decision.",
      "userImpact": "Users effectively had to pay for privacy, so their consent to tracking was not freely given.",
      "sources": [
        {
          "title": "NPR: Apple and Meta EU tech fines",
          "url": "https://www.npr.org/2025/04/23/nx-s1-5373560/apple-meta-eu-tech-fines",
          "type": "news"
        }
      ],
      "related": [
        "apple-eu-dma-appstore-2025",
        "meta-ireland-ads-legalbasis-2023"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "meta-us-texas-biometric-2024",
      "company": "meta",
      "title": "Meta's $1.4B Texas biometric settlement",
      "year": 2024,
      "dateAnnounced": "2024-07-30",
      "jurisdiction": "US (Texas)",
      "regulator": "texas-ag",
      "law": "Texas CUBI",
      "category": [
        "biometrics"
      ],
      "amount": {
        "value": 1400000000,
        "currency": "USD",
        "usdApprox": 1400000000
      },
      "penaltyType": "settlement",
      "status": "paid",
      "summary": "Texas settled claims that Meta captured facial-recognition data of millions of Texans through photo tag suggestions without consent, in violation of Texas biometric law. It was the largest single-state privacy settlement at the time.",
      "userImpact": "Users' faceprints were created and stored without permission.",
      "sources": [
        {
          "title": "Texas Attorney General newsroom",
          "url": "https://www.texasattorneygeneral.gov/news",
          "type": "regulator"
        },
        {
          "title": "Enzuzo: biggest data-breach fines",
          "url": "https://www.enzuzo.com/blog/biggest-data-breach-fines",
          "type": "news"
        }
      ],
      "related": [
        "meta-us-illinois-bipa-2021",
        "google-us-texas-biometric-2025"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "meta-us-illinois-bipa-2021",
      "company": "meta",
      "title": "Facebook's $650M BIPA facial-recognition settlement",
      "year": 2021,
      "dateAnnounced": "2021-02-26",
      "jurisdiction": "US (Illinois)",
      "regulator": "illinois-court",
      "law": "BIPA",
      "category": [
        "biometrics"
      ],
      "amount": {
        "value": 650000000,
        "currency": "USD",
        "usdApprox": 650000000
      },
      "penaltyType": "class-action",
      "status": "paid",
      "summary": "A class-action settlement resolved claims that Facebook's tag-suggestion faceprinting violated Illinois' Biometric Information Privacy Act. Roughly 1.6 million Illinois users received payouts.",
      "userImpact": "About 1.6 million people were compensated for non-consensual biometric collection.",
      "sources": [
        {
          "title": "Wikipedia: Biometric Information Privacy Act",
          "url": "https://en.wikipedia.org/wiki/Biometric_Information_Privacy_Act",
          "type": "news"
        }
      ],
      "related": [
        "meta-us-texas-biometric-2024"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "meta-ireland-breach-2022",
      "company": "meta",
      "subBrand": "Facebook",
      "title": "Meta fined €17M over 2018 data breaches",
      "year": 2022,
      "dateAnnounced": "2022-03-15",
      "jurisdiction": "Ireland / EU",
      "regulator": "irish-dpc",
      "law": "GDPR",
      "category": [
        "security-breach",
        "privacy"
      ],
      "amount": {
        "value": 17000000,
        "currency": "EUR",
        "usdApprox": 18400000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The DPC fined Meta over a series of twelve data breaches in 2018, finding it had failed to have appropriate technical and organisational measures in place.",
      "userImpact": "User data was exposed across multiple breaches without adequate safeguards.",
      "sources": [
        {
          "title": "Irish DPC press releases",
          "url": "https://www.dataprotection.ie/en/news-media/press-releases",
          "type": "regulator"
        }
      ],
      "related": [
        "meta-ireland-scraping-2022"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "meta-southkorea-pipc-2024",
      "company": "meta",
      "title": "PIPC fines Meta KRW 21.6B over sensitive-data collection",
      "year": 2024,
      "dateAnnounced": "2024-11-05",
      "jurisdiction": "South Korea",
      "regulator": "pipc",
      "law": "PIPA",
      "category": [
        "privacy"
      ],
      "amount": {
        "value": 21600000000,
        "currency": "KRW",
        "usdApprox": 15000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "South Korea's PIPC fined Meta for collecting sensitive data, including religion, political views, and sexual orientation, on roughly 980,000 users for advertising without consent.",
      "userImpact": "Highly sensitive personal characteristics were gathered and used for ad targeting without permission.",
      "sources": [
        {
          "title": "Personal Information Protection Commission",
          "url": "https://www.pipc.go.kr/eng",
          "type": "regulator"
        }
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "apple-eu-music-antisteering-2024",
      "company": "apple",
      "title": "Apple fined €1.84B over music-streaming anti-steering",
      "year": 2024,
      "dateAnnounced": "2024-03-04",
      "jurisdiction": "EU",
      "regulator": "european-commission",
      "law": "Antitrust (Art. 102 TFEU)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 1840000000,
        "currency": "EUR",
        "usdApprox": 1987000000
      },
      "penaltyType": "fine",
      "status": "under-appeal",
      "summary": "Following a Spotify complaint, the Commission found that Apple banned music apps from telling iPhone users about cheaper subscription options available outside the App Store.",
      "userImpact": "iOS users paid more for music subscriptions, or were kept unaware of cheaper alternatives, for nearly a decade.",
      "sources": [
        {
          "title": "European Commission press release (IP/24/1161)",
          "url": "https://ec.europa.eu/commission/presscorner/detail/en/ip_24_1161",
          "type": "regulator"
        }
      ],
      "related": [
        "apple-eu-dma-appstore-2025"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "apple-eu-dma-appstore-2025",
      "company": "apple",
      "title": "Apple's €500M DMA fine over App Store steering",
      "year": 2025,
      "dateAnnounced": "2025-04-23",
      "jurisdiction": "EU",
      "regulator": "european-commission",
      "law": "DMA",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 500000000,
        "currency": "EUR",
        "usdApprox": 540000000
      },
      "penaltyType": "fine",
      "status": "under-appeal",
      "summary": "In the first Digital Markets Act fine against Apple, the Commission found that Apple prevented developers from freely informing users about, and directing them to, cheaper purchasing options outside the App Store.",
      "userImpact": "Users were denied information about cheaper ways to buy apps and content.",
      "sources": [
        {
          "title": "NPR: Apple and Meta EU tech fines",
          "url": "https://www.npr.org/2025/04/23/nx-s1-5373560/apple-meta-eu-tech-fines",
          "type": "news"
        }
      ],
      "related": [
        "meta-eu-dma-payorconsent-2025",
        "apple-eu-music-antisteering-2024"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "apple-france-distribution-2020",
      "company": "apple",
      "title": "Apple's €1.1B French distribution fine, cut to €372M",
      "year": 2020,
      "dateAnnounced": "2020-03-16",
      "jurisdiction": "France",
      "regulator": "autorite-concurrence",
      "law": "Antitrust (distribution)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 372000000,
        "currency": "EUR",
        "usdApprox": 402000000
      },
      "penaltyType": "fine",
      "status": "reduced",
      "statusHistory": [
        {
          "date": "2020-03-16",
          "event": "Original fine of €1.1B imposed.",
          "newAmountUsd": 1188000000
        },
        {
          "date": "2022-10-06",
          "event": "Reduced to €372M by the Paris Court of Appeal.",
          "newAmountUsd": 402000000
        }
      ],
      "summary": "France's competition authority fined Apple over anticompetitive agreements with premium resellers that froze the reseller market and kept prices aligned. On appeal the fine was cut to €372M.",
      "userImpact": "French consumers likely paid higher, more uniform prices for Apple products.",
      "sources": [
        {
          "title": "Autorité de la concurrence",
          "url": "https://www.autoritedelaconcurrence.fr/en",
          "type": "regulator"
        }
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "apple-france-batterygate-2020",
      "company": "apple",
      "title": "Apple fined €25M over undisclosed iPhone throttling",
      "year": 2020,
      "dateAnnounced": "2020-02-07",
      "jurisdiction": "France",
      "regulator": "dgccrf",
      "law": "Consumer-protection (deceptive practice)",
      "category": [
        "consumer-deception"
      ],
      "amount": {
        "value": 25000000,
        "currency": "EUR",
        "usdApprox": 27000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "France's DGCCRF fined Apple for failing to tell consumers that iOS updates could slow older iPhones to manage aging batteries, part of the wider Batterygate episode.",
      "userImpact": "Users experienced degraded performance and, unaware of the cause, some replaced phones unnecessarily.",
      "sources": [
        {
          "title": "Wikipedia: Batterygate",
          "url": "https://en.wikipedia.org/wiki/Batterygate",
          "type": "news"
        }
      ],
      "related": [
        "apple-us-batterygate-classaction-2020",
        "apple-us-batterygate-states-2020"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "apple-us-batterygate-classaction-2020",
      "company": "apple",
      "title": "Apple's up-to-$500M Batterygate class-action settlement",
      "year": 2020,
      "dateAnnounced": "2020-03-02",
      "jurisdiction": "US",
      "regulator": "us-court",
      "law": "Consumer class action",
      "category": [
        "consumer-deception"
      ],
      "amount": {
        "value": 500000000,
        "currency": "USD",
        "usdApprox": 500000000
      },
      "penaltyType": "class-action",
      "status": "paid",
      "summary": "Apple agreed to a US class-action settlement of up to $500M, roughly $25 per affected iPhone, over the same undisclosed performance throttling.",
      "userImpact": "Millions of US iPhone owners were eligible for payments after their devices were slowed without notice.",
      "sources": [
        {
          "title": "Wikipedia: Batterygate",
          "url": "https://en.wikipedia.org/wiki/Batterygate",
          "type": "news"
        }
      ],
      "related": [
        "apple-france-batterygate-2020",
        "apple-us-batterygate-states-2020"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "apple-us-batterygate-states-2020",
      "company": "apple",
      "title": "Apple's $113M Batterygate settlement with 34 states",
      "year": 2020,
      "dateAnnounced": "2020-11-18",
      "jurisdiction": "US (multistate)",
      "regulator": "us-states",
      "law": "State consumer-protection law",
      "category": [
        "consumer-deception"
      ],
      "amount": {
        "value": 113000000,
        "currency": "USD",
        "usdApprox": 113000000
      },
      "penaltyType": "settlement",
      "status": "paid",
      "summary": "Thirty-four US states settled claims over the hidden iPhone throttling, separate from the consumer class action.",
      "userImpact": "The states recovered penalties on behalf of consumers affected by the undisclosed slowdowns.",
      "sources": [
        {
          "title": "Wikipedia: Batterygate",
          "url": "https://en.wikipedia.org/wiki/Batterygate",
          "type": "news"
        }
      ],
      "related": [
        "apple-us-batterygate-classaction-2020"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "apple-netherlands-dating-2022",
      "company": "apple",
      "title": "Apple's €50M in weekly ACM penalties over dating-app payments",
      "year": 2022,
      "dateAnnounced": "2022-03-21",
      "jurisdiction": "Netherlands",
      "regulator": "acm",
      "law": "Antitrust (periodic penalty)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 50000000,
        "currency": "EUR",
        "usdApprox": 54000000
      },
      "penaltyType": "periodic-penalty",
      "status": "final",
      "summary": "The Dutch ACM levied ten consecutive weekly penalties of €5M after Apple repeatedly failed to comply with an order to let dating apps use alternative payment systems.",
      "userImpact": "Dutch dating-app users were locked into Apple's payment system and its commission-inflated prices.",
      "sources": [
        {
          "title": "Authority for Consumers and Markets (ACM)",
          "url": "https://www.acm.nl/en",
          "type": "regulator"
        }
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "apple-france-att-2025",
      "company": "apple",
      "title": "Apple fined €150M over App Tracking Transparency",
      "year": 2025,
      "dateAnnounced": "2025-03-31",
      "jurisdiction": "France",
      "regulator": "autorite-concurrence",
      "law": "Antitrust (abuse of dominance)",
      "category": [
        "antitrust",
        "privacy"
      ],
      "amount": {
        "value": 150000000,
        "currency": "EUR",
        "usdApprox": 162000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "France's competition authority found that Apple's App Tracking Transparency consent design over-burdened third-party apps while Apple's own advertising faced lighter requirements, an abuse of its dominant position.",
      "userImpact": "Consent flows were asymmetric, and smaller app developers' advertising businesses were disadvantaged.",
      "sources": [
        {
          "title": "Autorité de la concurrence",
          "url": "https://www.autoritedelaconcurrence.fr/en",
          "type": "regulator"
        }
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "apple-italy-water-2020",
      "company": "apple",
      "title": "Apple fined €10M over iPhone water-resistance claims",
      "year": 2020,
      "dateAnnounced": "2020-11-30",
      "jurisdiction": "Italy",
      "regulator": "agcm",
      "law": "Consumer-protection law",
      "category": [
        "consumer-deception"
      ],
      "amount": {
        "value": 10000000,
        "currency": "EUR",
        "usdApprox": 10800000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "Italy's AGCM fined Apple for misleading marketing about iPhone water resistance and for refusing warranty service on water-damaged phones.",
      "userImpact": "Users were denied repairs for the kind of damage the marketing implied could not happen.",
      "sources": [
        {
          "title": "AGCM (Italy)",
          "url": "https://en.agcm.it",
          "type": "regulator"
        }
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "apple-eu-ireland-tax-2016",
      "company": "apple",
      "title": "Apple's €13B Irish tax recovery",
      "year": 2016,
      "dateAnnounced": "2016-08-30",
      "jurisdiction": "EU / Ireland",
      "regulator": "european-commission",
      "law": "State aid (tax)",
      "category": [
        "tax"
      ],
      "amount": {
        "value": 13000000000,
        "currency": "EUR",
        "usdApprox": 14040000000
      },
      "penaltyType": "tax-recovery",
      "status": "final",
      "statusHistory": [
        {
          "date": "2016-08-30",
          "event": "Commission orders Ireland to recover €13B in unlawful tax benefits."
        },
        {
          "date": "2020-07-15",
          "event": "Annulled by the EU General Court.",
          "newAmountUsd": 0
        },
        {
          "date": "2024-09-10",
          "event": "Reinstated by the EU Court of Justice; Apple paid the sum from escrow.",
          "newAmountUsd": 14040000000
        }
      ],
      "summary": "This is a state-aid recovery, not a fine. The Commission ordered Apple to repay illegal tax benefits granted by Ireland, which produced effective tax rates as low as 0.005%. After being annulled in 2020, the order was reinstated by the EU's top court in 2024.",
      "userImpact": "The impact is indirect: the case concerned public revenue rather than direct consumer harm.",
      "details": "Because it recovers unpaid tax rather than punishing conduct, this entry is classified as a tax recovery. See the methodology page for why recoveries are counted separately from fines.",
      "sources": [
        {
          "title": "European Commission press release (IP/16/2923)",
          "url": "https://ec.europa.eu/commission/presscorner/detail/en/ip_16_2923",
          "type": "regulator"
        }
      ],
      "related": [
        "amazon-eu-luxembourg-tax-2017"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "microsoft-eu-mediaplayer-2004",
      "company": "microsoft",
      "title": "Microsoft fined €497M in the landmark Windows case",
      "year": 2004,
      "dateAnnounced": "2004-03-24",
      "jurisdiction": "EU",
      "regulator": "european-commission",
      "law": "Antitrust (Art. 102 TFEU)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 497000000,
        "currency": "EUR",
        "usdApprox": 537000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "In a landmark case, the Commission found that Microsoft abused its Windows dominance by bundling Media Player and withholding interoperability information from rival server-software makers.",
      "userImpact": "Choice in media software was reduced, and rival products worked worse with Windows.",
      "sources": [
        {
          "title": "Wikipedia: Microsoft Corp. v. Commission",
          "url": "https://en.wikipedia.org/wiki/Microsoft_Corp._v._Commission",
          "type": "news"
        }
      ],
      "related": [
        "microsoft-eu-noncompliance-2008",
        "microsoft-eu-browserchoice-2013"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "microsoft-eu-noncompliance-2006",
      "company": "microsoft",
      "title": "Microsoft fined €280.5M for non-compliance",
      "year": 2006,
      "dateAnnounced": "2006-07-12",
      "jurisdiction": "EU",
      "regulator": "european-commission",
      "law": "Antitrust (periodic penalty)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 280500000,
        "currency": "EUR",
        "usdApprox": 303000000
      },
      "penaltyType": "periodic-penalty",
      "status": "final",
      "summary": "The Commission imposed a periodic penalty for Microsoft's failure to comply with the 2004 decision, specifically for not supplying complete interoperability information on reasonable terms.",
      "userImpact": "The delay prolonged the harms of the original abuse for years.",
      "sources": [
        {
          "title": "Wikipedia: Microsoft Corp. v. Commission",
          "url": "https://en.wikipedia.org/wiki/Microsoft_Corp._v._Commission",
          "type": "news"
        }
      ],
      "related": [
        "microsoft-eu-mediaplayer-2004",
        "microsoft-eu-noncompliance-2008"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "microsoft-eu-noncompliance-2008",
      "company": "microsoft",
      "title": "Microsoft's €899M non-compliance penalty, cut to €860M",
      "year": 2008,
      "dateAnnounced": "2008-02-27",
      "jurisdiction": "EU",
      "regulator": "european-commission",
      "law": "Antitrust (periodic penalty)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 860000000,
        "currency": "EUR",
        "usdApprox": 929000000
      },
      "penaltyType": "periodic-penalty",
      "status": "reduced",
      "statusHistory": [
        {
          "date": "2008-02-27",
          "event": "€899M penalty imposed for unreasonable interoperability royalties.",
          "newAmountUsd": 971000000
        },
        {
          "date": "2012-06-27",
          "event": "Slightly reduced to €860M by the EU General Court.",
          "newAmountUsd": 929000000
        }
      ],
      "summary": "The Commission penalised Microsoft for charging unreasonable royalties for the interoperability information required by the 2004 decision. On appeal the penalty was trimmed to €860M.",
      "userImpact": "Rivals continued to face barriers to building software that worked well with Windows.",
      "sources": [
        {
          "title": "Wikipedia: Microsoft Corp. v. Commission",
          "url": "https://en.wikipedia.org/wiki/Microsoft_Corp._v._Commission",
          "type": "news"
        }
      ],
      "related": [
        "microsoft-eu-noncompliance-2006"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "microsoft-eu-browserchoice-2013",
      "company": "microsoft",
      "title": "Microsoft fined €561M over the browser choice screen",
      "year": 2013,
      "dateAnnounced": "2013-03-06",
      "jurisdiction": "EU",
      "regulator": "european-commission",
      "law": "Antitrust (breach of commitments)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 561000000,
        "currency": "EUR",
        "usdApprox": 606000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The Commission fined Microsoft for breaking a legally binding commitment to show Windows users a browser-choice screen, which silently disappeared for roughly 15 million users. It was the first EU fine for breaching commitments.",
      "userImpact": "Users were not shown alternatives to Internet Explorer as they had been promised.",
      "sources": [
        {
          "title": "European Commission press release (IP/13/196)",
          "url": "https://ec.europa.eu/commission/presscorner/detail/en/IP_13_196",
          "type": "regulator"
        }
      ],
      "related": [
        "microsoft-eu-mediaplayer-2004"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "microsoft-ireland-linkedin-2024",
      "company": "microsoft",
      "subBrand": "LinkedIn",
      "title": "LinkedIn fined €310M over behavioural advertising",
      "year": 2024,
      "dateAnnounced": "2024-10-24",
      "jurisdiction": "Ireland / EU",
      "regulator": "irish-dpc",
      "law": "GDPR",
      "category": [
        "privacy"
      ],
      "amount": {
        "value": 310000000,
        "currency": "EUR",
        "usdApprox": 335000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The Irish DPC found that LinkedIn, owned by Microsoft, processed members' personal data for behavioural advertising without a valid legal basis and without adequate transparency.",
      "userImpact": "Professional users were profiled for advertising without lawful consent.",
      "sources": [
        {
          "title": "Irish DPC press releases",
          "url": "https://www.dataprotection.ie/en/news-media/press-releases",
          "type": "regulator"
        }
      ],
      "related": [
        "meta-ireland-ads-legalbasis-2023"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "microsoft-france-bing-cookies-2022",
      "company": "microsoft",
      "subBrand": "Bing",
      "title": "CNIL fines Microsoft €60M over Bing cookies",
      "year": 2022,
      "dateAnnounced": "2022-12-22",
      "jurisdiction": "France",
      "regulator": "cnil",
      "law": "ePrivacy (cookie consent)",
      "category": [
        "privacy",
        "dark-patterns"
      ],
      "amount": {
        "value": 60000000,
        "currency": "EUR",
        "usdApprox": 65000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The CNIL fined Microsoft for depositing advertising cookies on bing.com without consent and for making it harder to refuse cookies than to accept them.",
      "userImpact": "Bing search users were tracked by default.",
      "sources": [
        {
          "title": "CNIL (France) sanctions",
          "url": "https://www.cnil.fr/en/sanctions",
          "type": "regulator"
        }
      ],
      "related": [
        "google-france-cookies-2021"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "amazon-us-prime-darkpatterns-2025",
      "company": "amazon",
      "subBrand": "Prime",
      "title": "Amazon's $2.5B FTC settlement over Prime dark patterns",
      "year": 2025,
      "dateAnnounced": "2025-09-25",
      "jurisdiction": "US",
      "regulator": "ftc",
      "law": "FTC Act / ROSCA",
      "category": [
        "dark-patterns",
        "consumer-deception"
      ],
      "amount": {
        "value": 2500000000,
        "currency": "USD",
        "usdApprox": 2500000000
      },
      "penaltyType": "settlement",
      "status": "paid",
      "summary": "The FTC settled claims that Amazon tricked consumers into enrolling in Prime through deceptive sign-up flows and made cancellation deliberately difficult, an internal process nicknamed Iliad. The settlement comprised a $1B civil penalty and $1.5B in refunds to about 35 million customers.",
      "userImpact": "Millions of people were charged for subscriptions they did not knowingly sign up for or could not easily cancel.",
      "sources": [
        {
          "title": "CNBC: Amazon FTC Prime settlement",
          "url": "https://www.cnbc.com/2025/09/25/amazon-ftc-prime-settlement.html",
          "type": "news"
        },
        {
          "title": "FTC newsroom",
          "url": "https://www.ftc.gov/news-events/news/press-releases",
          "type": "regulator"
        }
      ],
      "related": [
        "meta-eu-dma-payorconsent-2025"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "amazon-luxembourg-gdpr-2021",
      "company": "amazon",
      "title": "Amazon's record €746M GDPR fine (Luxembourg)",
      "year": 2021,
      "dateAnnounced": "2021-07-16",
      "jurisdiction": "Luxembourg / EU",
      "regulator": "cnpd",
      "law": "GDPR",
      "category": [
        "privacy"
      ],
      "amount": {
        "value": 746000000,
        "currency": "EUR",
        "usdApprox": 806000000
      },
      "penaltyType": "fine",
      "status": "under-appeal",
      "summary": "Luxembourg's CNPD fined Amazon for processing personal data for behavioural advertising without valid consent. It was the largest GDPR fine at the time and has been under appeal since.",
      "userImpact": "Shoppers were profiled for advertising without a lawful basis.",
      "sources": [
        {
          "title": "Enzuzo: biggest data-breach fines",
          "url": "https://www.enzuzo.com/blog/biggest-data-breach-fines",
          "type": "news"
        }
      ],
      "related": [
        "meta-eu-data-transfers-2023",
        "amazon-france-cookies-2020"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "amazon-italy-logistics-2021",
      "company": "amazon",
      "title": "Amazon fined €1.13B over logistics self-preferencing (Italy)",
      "year": 2021,
      "dateAnnounced": "2021-12-09",
      "jurisdiction": "Italy",
      "regulator": "agcm",
      "law": "Antitrust (self-preferencing)",
      "category": [
        "antitrust"
      ],
      "amount": {
        "value": 1128000000,
        "currency": "EUR",
        "usdApprox": 1218000000
      },
      "penaltyType": "fine",
      "status": "under-appeal",
      "summary": "Italy's AGCM found that Amazon tied key seller benefits, such as the Prime badge and better visibility, to using its own logistics service (FBA), disadvantaging rival logistics providers.",
      "userImpact": "Marketplace rankings favoured Amazon-fulfilled offers regardless of merit, and higher seller costs feed into prices.",
      "sources": [
        {
          "title": "AGCM (Italy)",
          "url": "https://en.agcm.it",
          "type": "regulator"
        }
      ],
      "related": [
        "meta-eu-marketplace-2024"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "amazon-us-alexa-coppa-2023",
      "company": "amazon",
      "subBrand": "Alexa",
      "title": "Amazon's $25M Alexa settlement over children's recordings",
      "year": 2023,
      "dateAnnounced": "2023-05-31",
      "jurisdiction": "US",
      "regulator": "ftc",
      "law": "COPPA",
      "category": [
        "privacy",
        "children-safety"
      ],
      "amount": {
        "value": 25000000,
        "currency": "USD",
        "usdApprox": 25000000
      },
      "penaltyType": "settlement",
      "status": "paid",
      "summary": "The FTC settled claims that Amazon kept children's Alexa voice recordings indefinitely, against COPPA and parents' deletion requests.",
      "userImpact": "Children's voice recordings were retained unlawfully even after parents asked for their deletion.",
      "sources": [
        {
          "title": "FTC press release (May 2023)",
          "url": "https://www.ftc.gov/news-events/news/press-releases/2023/05",
          "type": "regulator"
        }
      ],
      "related": [
        "amazon-us-ring-2023",
        "google-us-youtube-coppa-2019"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "amazon-us-ring-2023",
      "company": "amazon",
      "subBrand": "Ring",
      "title": "Amazon's $5.8M Ring settlement over camera access",
      "year": 2023,
      "dateAnnounced": "2023-05-31",
      "jurisdiction": "US",
      "regulator": "ftc",
      "law": "FTC Act",
      "category": [
        "privacy",
        "security-breach"
      ],
      "amount": {
        "value": 5800000,
        "currency": "USD",
        "usdApprox": 5800000
      },
      "penaltyType": "settlement",
      "status": "paid",
      "summary": "The FTC settled claims that Ring employees and contractors improperly accessed customers' home camera videos, and that lax security allowed outside access.",
      "userImpact": "Intimate home footage was viewed without customers' knowledge or consent.",
      "sources": [
        {
          "title": "FTC press release (May 2023)",
          "url": "https://www.ftc.gov/news-events/news/press-releases/2023/05",
          "type": "regulator"
        }
      ],
      "related": [
        "amazon-us-alexa-coppa-2023"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "amazon-france-cookies-2020",
      "company": "amazon",
      "title": "CNIL fines Amazon €35M over advertising cookies",
      "year": 2020,
      "dateAnnounced": "2020-12-10",
      "jurisdiction": "France",
      "regulator": "cnil",
      "law": "ePrivacy (cookie consent)",
      "category": [
        "privacy",
        "dark-patterns"
      ],
      "amount": {
        "value": 35000000,
        "currency": "EUR",
        "usdApprox": 37800000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The CNIL fined Amazon for placing advertising cookies on amazon.fr visitors' devices without consent or adequate information.",
      "userImpact": "Visitors were tracked for advertising the moment they arrived on the site.",
      "sources": [
        {
          "title": "CNIL (France) sanctions",
          "url": "https://www.cnil.fr/en/sanctions",
          "type": "regulator"
        }
      ],
      "related": [
        "google-france-cookies-2020"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "amazon-eu-luxembourg-tax-2017",
      "company": "amazon",
      "title": "Amazon's €250M Luxembourg tax order, later annulled",
      "year": 2017,
      "dateAnnounced": "2017-10-04",
      "jurisdiction": "EU / Luxembourg",
      "regulator": "european-commission",
      "law": "State aid (tax)",
      "category": [
        "tax"
      ],
      "amount": {
        "value": 250000000,
        "currency": "EUR",
        "usdApprox": 270000000
      },
      "penaltyType": "tax-recovery",
      "status": "annulled",
      "statusHistory": [
        {
          "date": "2017-10-04",
          "event": "Commission orders recovery of about €250M in tax advantages."
        },
        {
          "date": "2021-05-12",
          "event": "Annulled by the EU General Court.",
          "newAmountUsd": 0
        },
        {
          "date": "2023-12-14",
          "event": "Annulment made final by the EU Court of Justice.",
          "newAmountUsd": 0
        }
      ],
      "summary": "The Commission ordered Luxembourg to recover tax advantages from Amazon, but EU courts annulled the decision, a ruling made final in 2023. It is included for completeness given its prominence.",
      "userImpact": "The impact is indirect: the case concerned public revenue rather than consumer harm.",
      "sources": [
        {
          "title": "European Commission press release (IP/17/3701)",
          "url": "https://ec.europa.eu/commission/presscorner/detail/en/IP_17_3701",
          "type": "regulator"
        }
      ],
      "related": [
        "apple-eu-ireland-tax-2016"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "openai-italy-garante-2024",
      "company": "openai",
      "subBrand": "ChatGPT",
      "title": "OpenAI's €15M ChatGPT fine, annulled in 2026",
      "year": 2024,
      "dateAnnounced": "2024-12-20",
      "jurisdiction": "Italy",
      "regulator": "garante",
      "law": "GDPR",
      "category": [
        "privacy"
      ],
      "amount": {
        "value": 15000000,
        "currency": "EUR",
        "usdApprox": 16200000
      },
      "penaltyType": "fine",
      "status": "annulled",
      "statusHistory": [
        {
          "date": "2024-12-20",
          "event": "Garante fines OpenAI €15M and orders a public information campaign."
        },
        {
          "date": "2026-03-01",
          "event": "Court of Rome annuls the fine on procedural grounds; the Irish DPC had become lead authority.",
          "newAmountUsd": 0
        }
      ],
      "summary": "Italy's Garante alleged that ChatGPT was trained on personal data without an adequate legal basis, failed transparency obligations, did not report a March 2023 breach, and lacked age verification for minors. In March 2026 the Court of Rome annulled the fine on procedural grounds, not because the practices were ruled lawful.",
      "userImpact": "Users, including minors, had no clear way to understand or object to their data being used for AI training; about 440 Italian users were affected by the unreported breach.",
      "details": "The annulment turned on jurisdiction: Ireland's DPC had become lead authority for OpenAI under the GDPR one-stop-shop mechanism. Irish scrutiny of OpenAI continues, so the underlying questions remain open.",
      "sources": [
        {
          "title": "Euronews: Garante fines OpenAI €15M",
          "url": "https://www.euronews.com/next/2024/12/20/italys-privacy-watchdog-fines-openai-15-million-after-probe-into-chatgpt-data-collection",
          "type": "news"
        },
        {
          "title": "WSGR: OpenAI prevails in Italian GDPR case",
          "url": "https://www.wsgr.com/en/insights/openai-prevails-in-landmark-italian-ai-and-gdpr-enforcement-case.html",
          "type": "court"
        }
      ],
      "related": [
        "meta-eu-data-transfers-2023"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "tiktok-ireland-datatransfers-2025",
      "company": "tiktok",
      "title": "TikTok fined €530M over EU-China data transfers",
      "year": 2025,
      "dateAnnounced": "2025-05-02",
      "jurisdiction": "Ireland / EU",
      "regulator": "irish-dpc",
      "law": "GDPR",
      "category": [
        "privacy"
      ],
      "amount": {
        "value": 530000000,
        "currency": "EUR",
        "usdApprox": 572000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The Irish DPC fined TikTok for unlawfully transferring EU users' data to China without ensuring equivalent protection, and for related transparency failures.",
      "userImpact": "EU users' data was exposed to access under Chinese law without the safeguards the GDPR requires.",
      "sources": [
        {
          "title": "Irish DPC press releases",
          "url": "https://www.dataprotection.ie/en/news-media/press-releases",
          "type": "regulator"
        }
      ],
      "related": [
        "meta-eu-data-transfers-2023",
        "tiktok-ireland-children-2023"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "tiktok-ireland-children-2023",
      "company": "tiktok",
      "title": "TikTok fined €345M over children's default settings",
      "year": 2023,
      "dateAnnounced": "2023-09-15",
      "jurisdiction": "Ireland / EU",
      "regulator": "irish-dpc",
      "law": "GDPR",
      "category": [
        "privacy",
        "children-safety"
      ],
      "amount": {
        "value": 345000000,
        "currency": "EUR",
        "usdApprox": 372000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The Irish DPC found that TikTok set children's accounts to public by default and had weak age-assurance safeguards, exposing young users' content.",
      "userImpact": "Children's posts were public by default, and weak age checks left minors exposed.",
      "sources": [
        {
          "title": "Irish DPC press releases",
          "url": "https://www.dataprotection.ie/en/news-media/press-releases",
          "type": "regulator"
        }
      ],
      "related": [
        "meta-ireland-instagram-children-2022",
        "tiktok-ireland-datatransfers-2025"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "x-us-ftc-2022",
      "company": "x",
      "title": "Twitter's $150M FTC penalty over 2FA phone numbers",
      "year": 2022,
      "dateAnnounced": "2022-05-25",
      "jurisdiction": "US",
      "regulator": "ftc",
      "law": "FTC Act (consent order)",
      "category": [
        "privacy",
        "consumer-deception"
      ],
      "amount": {
        "value": 150000000,
        "currency": "USD",
        "usdApprox": 150000000
      },
      "penaltyType": "settlement",
      "status": "paid",
      "summary": "The FTC and DOJ penalised Twitter, now X, for using phone numbers and email addresses collected for account security, such as two-factor authentication, to target advertising.",
      "userImpact": "Data people provided to protect their accounts was quietly repurposed for ad targeting.",
      "sources": [
        {
          "title": "FTC press release",
          "url": "https://www.ftc.gov/news-events/news/press-releases",
          "type": "regulator"
        }
      ],
      "related": [
        "google-us-location-2022"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "uber-netherlands-2024",
      "company": "uber",
      "title": "Uber fined €290M over EU driver-data transfers",
      "year": 2024,
      "dateAnnounced": "2024-08-26",
      "jurisdiction": "Netherlands / EU",
      "regulator": "dutch-dpa",
      "law": "GDPR",
      "category": [
        "privacy"
      ],
      "amount": {
        "value": 290000000,
        "currency": "EUR",
        "usdApprox": 313000000
      },
      "penaltyType": "fine",
      "status": "under-appeal",
      "summary": "The Dutch data-protection authority fined Uber for transferring EU drivers' personal data, including identity documents and criminal and health data, to the US without adequate safeguards.",
      "userImpact": "Drivers' most sensitive records were moved abroad without the legally required protection.",
      "sources": [
        {
          "title": "Autoriteit Persoonsgegevens",
          "url": "https://autoriteitpersoonsgegevens.nl/en",
          "type": "regulator"
        }
      ],
      "related": [
        "meta-eu-data-transfers-2023"
      ],
      "lastVerified": "2026-07-02"
    },
    {
      "slug": "didi-china-2022",
      "company": "didi",
      "title": "Didi fined ¥8.03B in China over data-security violations",
      "year": 2022,
      "dateAnnounced": "2022-07-21",
      "jurisdiction": "China",
      "regulator": "cac",
      "law": "Data-security and personal-information law",
      "category": [
        "privacy",
        "security-breach"
      ],
      "amount": {
        "value": 8026000000,
        "currency": "CNY",
        "usdApprox": 1200000000
      },
      "penaltyType": "fine",
      "status": "final",
      "summary": "The Cyberspace Administration of China imposed a sweeping penalty on Didi for extensive data-security and personal-information violations following a year-long investigation.",
      "userImpact": "Riders' and drivers' personal data was collected and handled in violation of China's data-protection rules.",
      "sources": [
        {
          "title": "Reuters coverage of the Didi penalty",
          "url": "https://www.reuters.com",
          "type": "news"
        }
      ],
      "lastVerified": "2026-07-02"
    }
  ]
}