Fines October 2023

Top 3 Most Active Regulators by Volume of Fines

  1. Agencia Española de Protección de Datos (Spain)
  2. Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (Romania)
  3. Croatian Personal Data Protection Agency (Croatia) / Integritetsskyddsmyndigheten (Sweden) / The Information Commissioner's Office (UK)

Fines October 2023

Top 3 Most Active Regulators by Value of Fines

  1. The Information Commissioner's Office (UK)
  2. Croatian Personal Data Protection Agency (Croatia)
  3. Agencia Española de Protección de Datos (Spain)

Fines YTD October 2023

Top 3 Most Active Regulators by Volume of Fines

  1. Agencia Española de Protección de Datos (Spain)
  2. Garante per la protezione dei dati personali (Italy)
  3. Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (Romania)

Fines YTD October 2023

Top 3 Most Active Regulators by Value of Fines

  1. Data Protection Commission (Ireland)
  2. Commission Nationale de l'Informatique et des Libertés – CNIL (France)
  3. The Information Commissioner's Office (UK)

Top Fine

  • The UK Information Commissioner's Office (ICO) fined Equifax Ltd £500,000 in 2017 in connection with a cyberattack. The ICO concluded that Equifax failed to take appropriate technical and organizational measures to prevent unlawful processing.
  • In October 2023, the UK Financial Conduct Authority (FCA) fined Equifax a further £15,949,200 (minus a 30% discount) for the same data breach.
  • The FCA held that the “cyberattack and unauthorized access to data was entirely preventable.”
  • The fine by the FCA is significant because it highlights the fact that Data Protection Authorities are not the only regulatory bodies able to levy substantial fines for breaches of privacy laws.

Key Takeaways

  • Breaches of a single individual's privacy can have significant consequences, particularly in the banking context.
  • Nigel Farage, a former UK politician and customer of Coutts, a British private bank, had his banking relationship terminated by Coutts.
  • Given Mr. Farage's prominence, a media furore followed during which the CEO of NatWest (the parent company of Coutts) was accused of “leaking private and inaccurate” information about Mr. Farage to the BBC. Mr. Farage complained to the ICO.
  • Ultimately, the CEO was forced to resign and the Bank's conduct was criticized by the ICO. In a statement, the ICO said:

“we trust banks with our money and with our personal information. Any suggestion that this trust has been betrayed will be concerning for a bank's customers and for regulators like myself”
