This year, penalties relating to GDPR and Financial Conduct Authority (FCA) regulatory breaches have shaped the trajectory of compliance and accountability for companies across various sectors.
Large fines resulting from regulatory breaches not only significantly impact a company’s financial health but also cast a shadow over employee wellbeing. Beyond the direct financial ramifications, these fines illuminate the broader consequences of non-compliance, including damage to a company’s reputation and the potential erosion of employee morale.
The Most Significant Fines of 2023
- Meta Platforms Ireland Ltd. – €1.2bn fine
GDPR breaches – Art. 46 (1)Ireland’s Data Protection Commission (DPC) imposed a €1.2 billion fine on Meta Platforms Ireland Ltd., the parent company of Facebook, for mishandling personal data during international transfers between Europe and the United States. The breach centred around Meta’s failure to provide adequate data protection in its transfers, conducted through standard contractual clauses.Meta has announced its intention to appeal the decision. - Meta Platforms Ireland Ltd. – €390m fine
GDPR – Breaches of Art. 5 (1) a), Art. 6 (1), Art. 12, Art. 13 (1) c)Meta Platforms Ireland Ltd. returns to the spotlight with a £390 million fine for improperly soliciting individuals’ data for Facebook and Instagram advertising. The Irish Data Protection Commission (DPC) stressed that Meta cannot compel consent and must offer clear information on data usage.The regulatory scrutiny also uncovered Meta’s lack of clarity regarding the purpose of data usage, leading to this substantial penalty. - TikTok Ltd – €345m fine
GDPR – Breaches of Art. 46 (1)The Irish Data Protection Commissioner (DPC) fined TikTok €345 million for several GDPR violations. These encompassed setting 13-17-year-old users’ accounts to public, insufficient transparency, and inadequate verification in the ‘family pairing’ scheme. TikTok’s failure to mitigate risks to underage usersintensified the severity of the breach. - Criteo – €40m fine
GDPR – Breaches of Art. 7 (1), (3), Art. 12, Art. 13, Art. 15 (1), Art. 17 (1), Art. 26Criteo, an online advertising specialist, received a €40 million fine from the French Data Protection Authority (CNIL), equivalent to approximately 2% of the company’s global revenue. The penalty was due to Criteo’s failure to ensure its partners, including publishers, obtained user consent for using Criteo’s cookies. CNIL held Criteo responsible for consent verification despite this being primarily the partners’ responsibility. - ED&F Man Capital Markets Ltd – £17.2m fine
FCA – Breaches of Principle 2 and Principle 3The FCA fined ED&F Man Capital Markets Ltd. (MCM) £17.2 million for severe oversight lapses in its cum-ex trading strategy, enabling clients to reclaim tax illegitimately. Inadequate compliance checks and risk assessmentled to this being the largest FCA fine in a cum-trading case, underscoring the crucial need for stringent oversight in financial markets. - TikTok – £12.7m fine
GDPR – Breaches of Art. 5 (1) a) GDPR, Art. 12 GDPR, Art. 13 GDPRThe ICO fined TikTok £12.7 million for illegally processing data of 1.4 million children under 13, citing failures in preventing underage access and inadequate checks. The ICO emphasised TikTok’s unlawful processing of UK users’ personal data. After the investigation, the ICO introduced a Children’s Code to bolster digital protection for children. - Equifax Limited – £11.1m fine
FCA – Breaches of Principle 3Equifax Limited faced an £11 million FCA fine for preventable shortcomings that left millions exposed to financial crime risks. The FCA highlighted Equifax’s delayed regulator notification and misleading public statements after a 2017 security breach. This penalty follows a 2018 ICO fine of £500,000, demonstrating ongoing regulatory action on data breach.
If you are concerned about compliance gaps within your business, visit the Skillcast site for further information on compliance audits and training.
Joanne is the editor for Workplace Wellbeing Professional and has a keen interest in promoting the safety and wellbeing of the global workforce. After earning a bachelor's degree in English literature and media studies, she taught English in China and Vietnam for two years. Before joining Work Well Pro, Joanne worked as a marketing coordinator for luxury property, where her responsibilities included blog writing, photography, and video creation.