The Fine
Intelligence Platform

The FTC imposed a record $5 billion civil penalty against Facebook for multiple violations of a 2012 consent order requiring affirmative user consent before sharing data with third parties, most visibly through the Cambridge Analytica scandal in which data from approximately 87 million users was harvested without consent. The FTC found Facebook made repeated misrepresentations about user privacy and the effectiveness of its privacy controls. The order imposed far-reaching structural requirements including creation of an independent privacy committee of Facebook's board and personal quarterly privacy certifications from CEO Mark Zuckerberg.

The DPC issued a €1.2 billion fine against Meta Ireland — the largest GDPR fine to date — for transferring personal data of EU/EEA Facebook users to the United States without adequate safeguards following the invalidation of Privacy Shield by the Court of Justice in the Schrems II ruling.

ING Bank N.V. entered into a €775 million deferred prosecution agreement (schikking) with the Dutch Public Prosecution Service for systemic AML failures spanning multiple years, including critically deficient customer due diligence processes that enabled large-scale money laundering linked to criminal organisations, corruption, and sanctions evasion. The settlement comprised €298 million in disgorgement and €477 million in fines, making it the largest corporate crime settlement in Dutch history at the time. Senior management were separately investigated for individual criminal liability.

ABN AMRO Bank N.V. reached a €480 million settlement with the Dutch Public Prosecution Service for sustained AML failures including inadequate customer due diligence, insufficient transaction monitoring, and failure to file suspicious transaction reports in a timely manner. Prosecutors established that ABN AMRO had been aware of the compliance deficiencies for years and had failed to implement adequate remediation, with shortcomings identified across the bank's operations between 2014 and 2020. The bank admitted to serious structural failures in its AML programme.

The DPC fined Instagram €405 million for mishandling the personal data of children and teenagers. The investigation found that children's accounts were set to public by default, and that contact details of minors were publicly accessible.

The Data Protection Commission (DPC) adopted its final decision regarding its inquiry into TikTok Technology Limited (TTL) on 1 September 2023.