Data breaches and similar violations have sent social media giants to court several times so far. But how much did they actually have to pay for their actions? Cybersecurity firm Surfshark recently analyzed it, and the results are staggering. According to the study, since the General Data Protection Regulation (GDPR) was established in 2018, half of the top 10 social media platforms have incurred fines totaling €2.9 billion ($3.1 billion) for GDPR violations. What’s more, one-third of these fines were linked to children’s data!
Surfshark’s study drew information from the GDPR Enforcement Tracker. They examined the ten most popular social media platforms based on active user count, including Facebook, Instagram, TikTok, WhatsApp, and X (formerly Twitter).
In assessing fines, the research included individual platform names and their parent companies, such as “Meta Platforms, Inc.” For each violation, the study meticulously recorded the fine amount, the issuing country, and analyzed relevant legal documents. They mainly focused on breaches related to children’s data.
The key insights
Among the scrutinized platforms, European data protection authorities imposed 13 fines. It’s probably not surprising that Meta’s platforms (Facebook, Instagram, and WhatsApp) accounted for the major share of these fines. These sum up to €2.6 billion. TikTok followed, with fines amounting to €360 million, while X (formerly Twitter) received a single fine of €450k.
A deep concern: Children’s data protection
As I mentioned, one-third of these fines were related to children, which is particularly concerning. Surfshark’s study revealed that €765 million of penalties directly related to inadequate protection of children’s data.
Infringements and their consequences
A wake-up call
This Surfshark study is a stark reminder of social media platforms’ responsibilities in safeguarding user data, particularly children’s. The fines imposed over the past five years underline the critical need for these platforms to reassess and strengthen their data protection measures, ensuring compliance with GDPR.