Cullen International’s new benchmark shows that data protection authorities in half of the 16 surveyed European countries imposed fines on big tech companies for either General Data Protection Regulation (GDPR) or e‑Privacy Directive (ePD) infringements since the entry into application of the GDPR in May 2018.
The benchmark shows that Luxembourg is the country with the highest sum of fines imposed with €746m, followed by Ireland and France.
Amazon, WhatsApp and Google are the big tech companies which incurred in the highest sum of fines at €781m, €225m and €155.7m respectively.
The benchmark also looks at whether, in the event of GDPR infringement in multiple EU member states, big tech companies benefitted from the cooperation and consistency mechanism introduced by the GDPR. The mechanism aims to achieve the consistent application of the GDPR throughout the EU.
For more information and access to the benchmark, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our European Digital Economy service.
more news
25 February 26
Protection of minors: overview of national initiatives on banning access to social media
Our latest benchmark shows that an increasing number of European countries are discussing a potential social media ban on children.
23 February 26
The DNA explained: universal service to serve the same goals under a revised approach
Cullen International is issuing a series of analyses on different aspects of the Digital Networks Act (DNA) proposal. This report covers universal service.
20 February 26
Revised Cybersecurity Act (CSA2) - Changes to the EU cybersecurity certification framework
Cullen International published an analysis of the proposed changes to the EU cybersecurity certification framework under the draft Cybersecurity Act 2 (CSA2) delivered by the European Commission on 20 January 2026.