A € 11 million privacy fine was issued by the Italian data protection authority against 5 companies involved in the money transfer business.
The “track record” of the Italian data protection authority
In 2014 Google had been sanctioned with a € 1 million fine by the Italian Data Protection Authority for the breach of privacy laws performed through the recording of images necessary for Google Maps Street View service by their cars. This was up until now the highest fine issued in the European Union for the breach of data protection laws.
The privacy breach of 5 money transfer companies
The Italian privacy authority seems to be willing to keep the “record” of the highest fine in the European Union. It now sanctioned an English company and 4 Italian companies that collected and transferred sums of money in China due to Chinese entrepreneurs, in violation not only of anti-money laundering legislation, but also of data protection laws.
Such companies were circumventing anti-money laundering laws fractioning money transfers so that they were below the threshold of relevance for AML laws, attributing them to thousands of unaware of customers whose personal data was unlawfully processed.
The challenged privacy breach related to the data processing without the individuals’ consent. And indeed the Italian Data Protection authority was able to reach the massive amount of € 11 million by issuing a fine of € 10K per the 1,076 people whose personal details were unlawfully processed, plus € 50K fines issued because of the concurrent multiple privacy breaches.
Will it remain an isolated case?
The General Data Protection Regulation will considerably increase the fines applicable for privacy breaches up to 4% of the global turnover or € 20 million, depending of which amount is higher. The peculiarity of these fines is that there isn’t a minimum amount, even though it might be provided by the each country.
We will have to see the approach taken by European data protection authorities on applicable fines. But there is no doubt that such fines, coupled with the accountability principle and the recent precent of the € 11 million fine above, might become a strong convincing tool for companies to comply with applicable privacy rules.
If you found this article interesting, please share it on your favorite social media.