European data agencies imposed $193 million (€159 million) in fines in the last year, according to research by DLA Piper, first reported by the Financial Times.
This accounts for around 40% of all sanctions given out since the General Data Protection Regulation laws came into effect in May 2018, according to The Financial Times.
Over the course of those two years, European data control authorities have imposed $331 million (€272 million) in penalties, half of which was imposed by Italian and German authorities.
Fines have only skyrocketed since the law was passed, and the number of reported breaches of GDPR laws has also increased.
Global vice-president of the Data Protection and Security Group of DLA Piper, Ewa Kurowska-Tober, explained in the report that the regulators have been “testing the limits of their powers this year, issuing fines for a wide variety of infringements of Europe’s tough data protection laws.”
“[They] certainly haven’t had things all their own way, with some notable successful appeals and large reductions in proposed fines,” Kurowska-Tober said.
Ross McKean, the president of DLA Piper’s data protection and security group for the United Kingdom, said a “degree of leniency” has been afforded to companies over the course of the pandemic to account for the financial hardships.
McKean suggested that in the coming months, Britain could see its control bodies enforce further sanctions after the European Court of Justice suspended data transfers with the US in a landmark ruling that prompted action from Facebook.
Both the UK and the EU have upper limits of 4% of global turnover when it comes to sanctions, unless this is less than $24 million.
Estelle Massé, a senior policy analyst at Access Now, told the Financial Times that data protection agencies should, alongside fines, “use all other punitive sanctions available under the GDPR, such as the possibility to suspend data transfers or to request data acquired unlawfully to be deleted.”
Massé had previously told Forbes that the GDPR law would be “as useful as a chocolate teapot” if it were not enforced.