The Most Recent Global Compliance and Privacy Fines (Q1 2025)
Q1 2025 saw record-breaking global privacy fines with several enforcement actions exceeding €100 million. This analysis explores key enforcement trends, technical compliance failures, and practical lessons from major cases across EU, US, Brazil, and Asia-Pacific jurisdictions.
The landscape of regulatory enforcement for privacy and compliance continues to intensify worldwide. In the first months of 2025, authorities have imposed significant fines on both multinational corporations and local businesses for violations ranging from data privacy breaches to environmental and workplace safety non-compliance. Below is an in-depth analysis of the most recent and impactful fines, highlighting the growing importance of robust compliance programs.
1. Meta (Facebook) – €1.2 Billion GDPR Fine (EU, May 2023)
Meta was hit with a record-breaking €1.2 billion fine by the Irish Data Protection Commission for transferring personal data of European users to the United States without adequate protection mechanisms. This case underscores the EU’s strict stance on cross-border data transfers and its willingness to impose severe penalties on tech giants that fail to comply with the General Data Protection Regulation (GDPR) [2][8].
2. TikTok – €345 Million GDPR Fine (EU, 2023)
TikTok received a €345 million fine from the Irish Data Protection Commission for failing to protect the privacy of underage users. The platform’s default settings made the accounts of users aged 13 to 17 public, exposing minors’ content and personal information. This fine highlights regulators’ focus on protecting children’s data and enforcing privacy by default [2].
3. Google – €150 Million GDPR Fine (EU, 2024)
Google was fined €150 million for failing to provide users with proper mechanisms to refuse cookies, violating GDPR’s consent requirements. This penalty demonstrates ongoing regulatory scrutiny of big tech’s data collection and consent practices [2].
4. Orange Espagne – €1.2 Million GDPR Fine (Spain, Q1 2025)
Spain’s data protection authority (AEPD) fined Orange Espagne €1.2 million after a franchise employee issued a duplicate SIM card without customer consent, enabling SIM-swapping fraud. The regulator cited inadequate identity verification and failure to implement necessary safeguards, holding the company responsible despite claims of individual misconduct [3].
5. Caja Rural de Jaén – €400,000 GDPR Fine (Spain, Q1 2025)
Caja Rural de Jaén, Barcelona y Madrid was fined €400,000 after a cyberattack exposed sensitive customer data. The penalty was imposed for insufficient security measures, and the bank’s attempt to shift blame to its IT provider was rejected by regulators, reinforcing that ultimate responsibility for data protection rests with the data controller [3].
6. Wind Tre – €16.7 Million GDPR Fine (Italy, 2024)
The Italian regulator fined telecom company Wind Tre €16.7 million for unlawful direct marketing and including personal data in public directories without consent. The case highlights the importance of respecting user consent and data protection rights in marketing practices [2].
7. Eni Gas e Luce – €11.5 Million GDPR Fine (Italy, 2024)
Eni Gas e Luce was fined €11.5 million for illegally processing personal data for telemarketing and forging information on contracts. This emphasizes the risks of unauthorized data processing and deceptive practices [2].
8. Grindr – €6.5 Million GDPR Fine (Norway, 2024)
Norway’s Data Protection Authority fined dating app Grindr €6.5 million for sharing users’ data with third parties without proper consent. This was the largest fine issued by Norway’s DPA and highlights the consequences of disregarding user consent [2].
9. U.S. Security Camera Company – $2.95 Million FTC Fine (U.S., Q1 2025)
A U.S. security camera company agreed to pay a $2.95 million penalty for violating the CAN-SPAM Act and failing to secure consumer data, which allowed hackers to access cameras in sensitive locations. The settlement also requires the company to implement a comprehensive information privacy program [6].
10. California Consumer Privacy Act (CCPA) – Increased Fines (U.S., Effective January 2025)
The California Privacy Protection Agency announced increased monetary damages, administrative fines, and civil penalties for CCPA violations, effective January 1, 2025. These adjustments, made in line with inflation, reflect California’s ongoing commitment to strong consumer privacy protections and are expected to impact enforcement actions in the coming year [5].
Key Trends and Regulatory Developments
- Rising Fine Amounts: GDPR fines continue to reach record levels, with cumulative penalties totaling nearly €5.88 billion by January 2025 [8].
- Focus on Children’s Data: Regulators are prioritizing the protection of minors, as seen in the TikTok and Meta fines related to underage user data [2][8].
- Accountability for Data Controllers: Attempts to shift blame to third-party providers are being rejected, reinforcing that ultimate responsibility for data protection lies with the organization collecting the data [3].
- Expansion of U.S. Privacy Laws: With 11 new comprehensive privacy laws set to take effect in 2025 and 2026, about half of the U.S. population will be covered by state-level privacy protections, signaling a shift toward more rigorous enforcement and higher penalties [6].
- Increased Penalties for Non-Privacy Compliance: U.S. agencies, such as OSHA and the EPA, have also raised maximum penalties for workplace safety and environmental violations, reflecting a broader trend of stricter regulatory enforcement [1][4][7].
Conclusion
The first quarter of 2025 has seen substantial fines for privacy and compliance violations worldwide, driven by increasingly stringent regulations and proactive enforcement. Organizations must prioritize robust compliance programs, transparent data practices, and proactive risk management to avoid severe financial and reputational consequences in this evolving regulatory landscape.
Citations:
1. https://www.dir.ca.gov/DIRNews/2025/2025-10.html
2. https://wplegalpages.com/blog/biggest-gdpr-fines/
3. https://www.skillcast.com/blog/biggest-gdpr-fines-2025
4. https://www.lion.com/lion-news/january-2025/new-maximum-civil-penalties-for-environmental-violations
5. https://cppa.ca.gov/announcements/2024/20241217.html
6. https://www.gibsondunn.com/us-cybersecurity-and-data-privacy-review-and-outlook-2025/
7. https://www.littler.com/news-analysis/asap/osha-announces-new-higher-penalties-violations-2025
8. https://dataprivacymanager.net/5-biggest-gdpr-fines-so-far-2020/
9. https://occ.gov/news-issuances/news-releases/2025/nr-occ-2025-5.html
10. https://www.ncontracts.com/nsight-blog/enforcement-actions-roundup-february-2025
11. https://www.globalprivacyblog.com/2025/02/gdpr-fines-to-be-determined-by-reference-to-global-turnover-of-corporate-group/
12. https://www.hrlogics.com/rising-i-9-penalties-critical-compliance-strategies-for-2025
13. https://www.ftc.gov/news-events/news/press-releases/2025/02/ftc-publishes-inflation-adjusted-civil-penalty-amounts-2025
14. https://www.dlapiper.com/insights/publications/2025/01/dla-piper-gdpr-fines-and-data-breach-survey-january-2025
15. https://fpf.org/blog/what-to-expect-in-global-privacy-in-2025/
16. https://acatimes.com/in-historic-move-irs-lowers-2025-aca-penalt-amount
17. https://home.treasury.gov/news/press-releases/sb0038
18. https://measuremindsgroup.com/data-privacy-laws-in-2025
19. https://www.statista.com/statistics/1558061/gdpr-fines-number-by-type-of-violation/
20. https://www.fec.gov/updates/commission-adjusts-civil-penalties-for-2025/