Security & Data Exposure fines
Design failures that exposed user data to leakage or misuse.
Security cases involve design failures that let personal data be scraped, leaked, or improperly accessed. They overlap heavily with privacy but centre on a breach of the duty to secure data rather than the legal basis for processing it.
4 penalties · ≈ $1.5B imposed
4 penalties
Didi · 2022
Didi fined ¥8.03B in China over data-security violations
The Cyberspace Administration of China imposed a sweeping penalty on Didi for extensive data-security and personal-information violations following a year-long investigation.
Meta · Facebook · 2022
Meta fined €265M over data scraping
The DPC found that design failures allowed the scraping of roughly 533 million users' phone numbers and personal details, which were later leaked online.
Meta · Facebook · 2022
Meta fined €17M over 2018 data breaches
The DPC fined Meta over a series of twelve data breaches in 2018, finding it had failed to have appropriate technical and organisational measures in place.
Amazon · Ring · 2023
Amazon's $5.8M Ring settlement over camera access
The FTC settled claims that Ring employees and contractors improperly accessed customers' home camera videos, and that lax security allowed outside access.