A wave of regulatory enforcement has swept across global industries, with Big Tech firms such as Meta, LinkedIn, and Uber hit by some of the highest non-compliance fines issued over the past two years.

A new report from compliance platform Secureframe highlights the mounting financial consequences of regulatory breaches, as authorities ramp up scrutiny under frameworks including GDPR, HIPAA, and CCPA.

Topping the list is Meta, which has faced multiple penalties totalling $2.3 billion. The most significant was a €1.2 billion ($1.3 billion) fine levied by Ireland’s Data Protection Commission in 2023 for unlawful transfers of European user data to the United States.

Another €251 million ($263.5 million) fine followed in December 2024 for a historic Facebook data breach that compromised the personal details of 29 million users, including 3 million within the EU.

LinkedIn was fined €310 million ($335 million) last October, also by Irish regulators, for processing user data without proper legal grounds—violating GDPR principles around fairness and transparency.

Meanwhile, Uber faced a €290 million ($312 million) penalty from Dutch authorities in August 2024 for similarly unlawful data transfers, marking the ride-hailing app’s third fine in the Netherlands alone.

But it’s not just tech giants under fire. In the US, healthcare organisations have come under increasing scrutiny under HIPAA regulations.

Montefiore Medical Center was fined $4.75 million in February 2024 after an insider threat led to patient data being sold to an identity theft ring.

Other notable HIPAA settlements include $3 million from Solara Medical Supplies following two breaches, and $1.3 million from LA Care for exposing nearly 1,500 patients’ data due to mailing errors.

The Secureframe report warns that no industry is immune from regulatory oversight.

In total, HIPAA-related penalties have amounted to nearly $145 million, largely due to failures in protecting electronic protected health information (ePHI).

On the GDPR front, over 2,000 fines totalling €4.48 billion have been issued, with inadequate security and unlawful data processing the leading causes.

Experts are urging firms to adopt a proactive approach to compliance. Recommendations include implementing robust security frameworks, automating compliance monitoring, and investing in staff training.

“Reactive compliance approaches are exponentially more expensive than proactive programmes,” said Shrav Mehta, CEO of Secureframe. “Organisations that build continuous compliance into their operations don’t just avoid penalties—they enhance customer trust and strengthen their market position.”