These tech companies have breached the most data rules this year

By Jess Jones

Tech companies have gotten in trouble this year for a number of serious data breaches, as regulatory bodies have cracked down on data protection and financial conduct violations.

It comes at a time when trust in tech companies, especially ones which involve social media, is low.

In the UK, public trust levels in big tech firms such as Amazon and Microsoft shrank from 60 to 57 per cent in 2022, according to a government report.

Here are the largest penalties for data breaches dished out in 2023:

5. Equifax

In October, the UK regulator the Financial Conduct Authority (FCA) fined consumer credit rater Equifax £11m for exposing millions to financial crime risks and delaying regulator notifications following a major 2017 attack.

A massive cybersecurity breach of Equifax’s parent company occurred in 2017 when hackers accessed the personal details of nearly 148 million US customers.

4. ED&F Man Capital Markets

Several months prior to Equifax’s fine, the FCA hit City broker ED&F Man Capital Markets with a landmark £17.2m penalty for “serious failings”, allowing clients to illegitimately reclaim tax from Danish authorities.

3. Criteo

The online adtech giant received a €40m (£34m) fine — about two per cent of its total global revenue — from the French data protection authority in June for failing to ensure users that their partners had provided consent for Criteo’s use of cookies.

2. TikTok

Ireland’s Data Protection Commission (DPC) charged TikTok some €345m (£296m) in September for GDPR violations, including setting underage users’ accounts to public and poor transparency. TikTok said that it “respectfully disagreed” with the severity of the fine imposed.

In April the Chinese company was fined £12.7m by the Information Commissioner’s Office (ICO) for illegally processing the personal data of 1.4 million children under the age of 13 and using it without gaining consent from parents or guardians.

1. Meta

The parent company of Facebook faced a record €1.2bn (£1bn) fine from the DPC in May for mishandling personal data during international transfers between Europe and the US.

A few months earlier in January, the Irish data watchdog slapped Meta with a €390m (£336m) fine for breaches of EU data privacy rules on Facebook and Instagram, as well as for providing unclear information to users.

Vivek Dodd, chief executive of Skillcast, a corporate compliance training service that compiled the list, described it as “an alarming reality”.

“These fines serve as a stark reminder that compliance is not just a legal obligation; it’s a moral imperative. Trust is a currency in the digital era, and corporations must value transparency, accountability, and a commitment to safeguard their users,” Dodd said.