John Magee

The 2023 figure includes a €1.2 billion fine imposed on Meta in Ireland, which is now the highest fine ever imposed under the GDPR.

Ireland has imposed fines totalling €2.86 billion since the GDPR came into effect in May 2018, more than any other EU country.

However, DLA Piper’s annual GDPR and data breach survey also highlights that the 2023 fine total was an increase of 14.1 per cent on the €1.56 billion issued in the previous year — a much smaller increase than the 50 per cent reported last year.

This slowdown has been driven by a number of successful appeals in various jurisdictions, which have seen fines reduced or in some cases completely overturned, as well as fewer fines issued by European data protection authorities following opinions and binding decisions of the European Data Protection Board, the firm said.

John Magee, partner and chair of data, privacy and cybersecurity at DLA Piper in Dublin, said: “The Irish Data Protection Commission continued to play a central role in shaping GDPR interpretations this year, notably with key decisions and fines on issues ranging from transparency and data transfer to information security and children’s privacy.

“As Commissioner Helen Dixon steps down after a decade, her legacy of firm but fair leadership sets the stage for a new panel of commissioners at the DPC who will continue to ace complex challenges under the watchful eye of the EDPB.

“While some key regulatory decisions have been reached, many remain under appeal through both the Irish and EU courts — leading to an unresolved legal landscape post-GDPR. For businesses navigating this evolving data protection framework, balancing strategic adaptability with operational efficiency remains a challenging tightrope to walk.”

Ross McKean, chair of data, privacy and cybersecurity in the UK, added: “Legal uncertainty is set to continue under GDPR. For social media and big tech in particular, record-breaking fines and orders to suspend illegal processing are an ever-present danger; they are in effect a ‘data tax’ when doing business in Europe.

“There are also many new and proposed laws and regulations applying to data and the digital world. Governance and effective risk management are essential for organisations to be able to tackle this complexity and compliance risk, and to ensure business continuity.”