Some businesses rang in 2023 with significant fines for GDPR violations. It’s evident that GDPR is especially relevant when it comes to processing based on consent:
• A French data protection regulator fined Apple 8 mln Eur for nonconsensual advertisement tracking.
• Microsoft was fined 60 mln Eur by the same regulator for third-party cookie violations.
• Meta received a 390 mln Eur fine from the Irish data protection regulator for violating consent transparency obligations and for choosing an incorrect legal basis for data processing.
• Also, the Lithuanian data protection regulator issued a 6,000 Eur fine to the sports club manager for failing to inform its clients about the processed personal data and for processing its clients’ biometric data without having voluntary consent.
These situations highlight the importance for businesses to assess if the data can be processed on a legal basis other than consent. And if you rely on consent only, make sure it complies with the requirements of the GDPR, as non-compliance may evolve into a financially painful lesson.