(by Federica De Stefani, lawyer and head of Aidr Lombardy Region) In 2020, a total of 341 administrative sanctions were imposed in the European Economic Area for violations of the Gdpr and national regulations on the protection of personal data.
From the analysis of the “Statistical Report 2020, privacy sanctions in Europe” drawn up by the Federprivacy Observatory, important elements emerge with reference to the numbers of sanctions, the most sanctioned sectors, the most frequent violations and the most active Authorities.
The numbers
During 2020, 341 penalties were imposed by the Guarantor Authorities in the EEA, for a total of € 307.923.725, with December winning the title of the most severe month with the issuance of 48% of the total penalties for the entire year (for an amount of € 148.156.645).
With reference to the amount of the sanctions issued, the most severe Authority is the French one, with a total amount of € 138.316.300 for 8 sanctions issued. In the calculation, however, it must not be forgotten that the maxi penalty imposed by the CNIL on Google is included, which alone amounts to 50 million euros, inflicted in 2019, but confirmed in 2020 following the appeal to the French Council of State.
In the ranking for the amount of sanctions issued, Italy ranks second, with a total amount of € 58.176.601 for a total of 35 sanctions.
Portugal, Slovenia, Liechtenstein and Luxembourg, on the other hand, are positioned at the bottom of the ranking for not having issued any sanctions.
On the other hand, considering the number of sanctions imposed, the "most severe" Authority is Spain with 133 sanctions issued during 2020.
The violations
Analyzing the violations that have been sanctioned by the Guarantor Authorities, it emerges that the most frequently contested, which represent 81,1% of the total, concern the lawfulness of the processing.
This is followed by failure to adopt security measures, failure to respect the rights of the interested party and information.
The most sanctioned sectors
If we consider the number of proceedings, the most sanctioned sector in 2020 is that of telecommunications with a total number of 69 fines, followed by that of services and that of commerce, with 47 and 45 penalties respectively, while the public administration was subject to 41 fines from the control authorities.
On the contrary, if we analyze the economic value of the sanctions, the most affected sector is the internet and e-commerce sector with a total amount of 144,9 million euros in fines (which is equal to 47% of the total), and followed by that of telecommunications, that of trade and production activities, that of transport and hotels.
The most severe and the most active authority
Analyzing the sanctions imposed both by number and by overall amount, the most severe Authority is the French one, while the Spanish Authority is awarded the “title” of the most active authority in the European Economic Area.
The CNIL in 2020 imposed 8 penalties for a total of € 138.316.300, but as already mentioned, the penalty imposed on Google in 2019, but confirmed only in 2020 by the French Council of State, also falls into the calculation.
The Spanish Guarantor Authority, on the other hand, imposed 133 penalties for a total amount of € 8.080.710, with an average of € 60.757 per penalty.
The Italian authority
From the analysis of the data, the Italian Guarantor Authority is among the most active, both for the number of sanctions, 35 in 2020, second only to Spain, equal to 10,3% of the overall sanctions issued in the EEA, and for the total amount of the fines imposed, amounting to € 58.176.601, second, in this case, only to France.