Fines

01 Feb 2019
In February 2019 the UK Information Commissioner's Office issued fines totalling £120,000 against the EU referendum campaign Leave.EU (£15,000 and £45,000) and Eldon Insurance (£60,000), trading as Go Skippy Insurance, for serious breaches of electronic marketing laws. The ICO also said it would
09 Jan 2019
On January 9, 2019 the UK Information Commissioner's Office fined SCL Elections, also known as Cambridge Analytica, £15,000 for failure to comply with an enforcement notice the ICO issued in May 2018 ordering the company to respond in full to a subject access request submitted by US-based academic
05 Nov 2018
The results of a year-long review issued by the UK Information Commissioner's Office in November 2018 uncovered a "disturbing disregard for voters' personal privacy" on the part of 30 organisations, including social media platforms, political parties, data brokers, and credit reference agencies
09 Aug 2018
In 2018, the UK Information Commissioner's Office fined Emma's Diary, a site offering pregnancy and childcare advice owned by Lifecycle Marketing (Mother and Baby) Ltd, £140,000 for collecting and selling personal information belonging to more than 1 million people without disclosing in the site's
21 Sep 2018
In September 2018 the UK's Information Commissioner found that it was likely that during 2017 a number of migrant rough sleepers were reported to the Home Office enforcement teams by the homelessness charity St. Mungo's. The finding followed a complaint from the Public Interest Law Unit. The charity
24 Apr 2018
The US Securities and Exchange Commission announced in April 2018 that it would fine Altaba, formerly known as Yahoo, $35 million for failing to disclose its massive 2014 data breach. Yahoo did not notify the hundreds of millions of customers until the end of 2016, when it was closing its
01 Jul 2018
In July 2018 the UK's Information Commissioner's Office announced it would fine Facebook £500,000, the maximum under the 1998 data protection law, for failing to safeguard its users' information and lacking transparency about how the data was harvested and used by others, specifically Cambridge
15 Dec 2015
In 2015, Oracle and the US Federal Trade Commission settled charges that Oracle had compromised users' security by failing to remove older versions of Java SE from their computers when the software was updated. The software was installed on more than 850 million computers as of August 2014; Oracle
13 Jan 2000
In 2000, Experian entered into a consent decree with the Federal Trade Commission and agreed to pay $1 million to settle charges that the company blocked and delayed incoming phone calls from consumers wishing to discuss the contents of and possible errors in their credit reports. Under the Fair
21 Feb 2007
In 2007, Experience agreed to pay $300,000 to settle a Federal Trade Commission complaint that the company's ads for a "free credit report" failed to explain clearly enough that consumers who signed up would be enrolled in a credit-monitoring programme costing $79.95 per year. The FTC alleged that
23 Mar 2017
In March 2017, Experian agreed to pay a $3 million fine to settle a complaint brought by the Consumer Financial Protection Bureau that until 2014 the company had provided consumers with "educational" credit scores that were different from the FICO scores actually provided to credit card issues
04 Jan 2017
In January 2017 two of the three largest US credit reporting bureaus, Equifax and TransUnion, were jointly fined $23 million in a settlement with the Consumer Financial Protection Bureau. CFPB held that the two companies marketed some of their products as free or costing $1 when in fact consumers
02 Aug 2013
In August 2013, a jury in the Portland, Oregon Federal District Court awarded Julie Miller $18.4 million in punitive damages when despite two years of complaints and filings Equifax failed to rectify errors in her credit report that blocked many aspects of her financial life. Miller had followed the
30 Jul 2003
In 2000, and then again in 2003, the US Federal Trade Commission fined Equifax for blocking phone calls from consumers trying to get information about their credit or discuss their reports or making them wait for extended periods of time in violation of the Fair Credit Reporting Act. In 1996
30 Aug 2012
In 2012 the US Consumer Watchdog advocacy group filed a complaint against Google alleging that the company had violated its 2011 consent decree with the US Federal Trade Commission in the case about Google Buzz. The complaint was based on February 2012 revelations that the site was failing to honour
25 Jan 2012
In 2012, Google announced it would condense 70 different privacy policies into a single one that would allow the company to merge the data collected across all its services, including Maps, search, Android, Books, Chrome, Wallet, Gmail, and the advertising service provided by its DoubleClick
30 Mar 2011
In 2010, increasing adoption of social media sites such as blogs, Facebook, Twitter, and Flickr led Google to develop Buzz, an attempt to incorporate status updates and media-sharing into its Gmail service. Users could link their various social media feeds, including Picasa (Google's photo-sharing
15 May 2010
In 2010, Google revealed that a data audit required by Germany's data protection authority had revealed that since 2007 the cars deployed to capture images for its Street View project had accidentally captured 600GB of data from local wifi networks, including personal web browsing histories. Google
11 Sep 2017
In September 2017, the Spanish national data protection regulator fined Facebook €1.2 million, alleging that the company collected personal information from Spanish users that could then be used for advertising. The investigation, which took place alongside others in Belgium, France, Germany, and
18 May 2017
In May 2017, the European Commission fined Facebook $122 million for providing incorrect or misleading information during its 2014 acquisition of WhatsApp. At the time of the acquisition, Facebook assured the EC that it would not be able to link its accounts database to that of WhatsApp. After the
30 May 2017
In May 2017, the French data protection regular, CNIL, fined Facebook €150,000 saying the company had failed to inform users properly about how their personal data is tracked and shared with advertisers. The regulator did not, however, order the company to change its practices. The decision was one