What are the Leading Causes for Individual GDPR Fines?
At least 65 private individuals have received fines for GDPR violations in the EU since 2018.
The total number of GDPR fines since the law came into force in 2018 is 1,186, but only large fines against major corporations tend to make the news.
Still, private citizens can just as easily end up in court for data privacy violations. Below are the most common ways individuals ended up receiving fines for breaking GDPR.
CCTV
The report found that the majority of GDPR violations made by private citizens were related to their use of CCTV.
CCTV for private homes is legal, as long as public spaces and others’ private property are not recorded. This includes public roads and pavements and neighbors’ property.
The Spanish Data Protection Authority fined a private citizen 3,000 euros for their CCTV which covered public spaces.
The individual was fined not only for the use of the cameras, but also for not properly informing the public of the cameras’ presence.
By covering any public spaces with personal surveillance cameras, a person automatically becomes a ‘data controller’ under GDPR law.
In the UK, a private citizen was sued over the camera found in their smart doorbell, which was found to cover public spaces and their neighbor’s property, breaching data laws.
The landmark case caused the ICO to issue new guidance on domestic CCTV use.
Those using surveillance equipment were advised to record only their own private property, but if this was not possible, to make the public aware of the presence of the CCTV, limit its use, delete footage, and respond to access requests from those filmed.
Social Media Pictures
Consent is the main theme of GDPR violations, and nowhere is this more pertinent than in social media.
A Spanish individual was fined 6,000 euros for sharing a video on social media of other individuals without their consent. As the faces were not pixelated, the individual would have required consent to post the video.
Even posting pictures of random people in public earned one photographer a fine: they had to pay 800 euros after posting pictures of strangers at the beach.
Dashcam Footage
A German citizen was fined for posting dashcam footage on YouTube.
UK law concerning personal dashcams appears to differ from that in Europe, perhaps because a display of personal dashcam footage on the wider web has not been challenged yet.
The ICO, as of 2021, states that only company dashcams need to worry about GDPR.
Unsolicited Emails
Unsolicited emails tend to be considered an issue for businesses, but private individuals can be fined as well. A German citizen was fined 2,500 euros for sending emails that allowed recipients to view other users’ email addresses.
Catfishing
GDPR law treats catfishing as a case of identity theft, allowing individuals to sue those who use their personal data for impersonation purposes.
An individual in Ireland was fined for using someone’s personal photos to impersonate them on Tinder and WhatsApp.
GDPR: A Personal Issue
Since 2018, GDPR fines have amounted to over two billion euros, with the largest fine being 746,000 euros levied against Amazon in Luxembourg.
Though the large company violations and fines make the headlines, it is important to remember that GDPR laws affect private individuals as well.
As the UK government works on branching away from GDPR and creating a new data protection framework, it is important to consider how these changes will affect personal data collection.
Private citizens in the UK should therefore stay up to date on these changing laws, both to protect their own data and ensure they comply with the regulations to avoid fines.
Source: Digit News ( digit.fyi )