The GDPR Enforcement Fines at Glance

TL;DR

This paper analyzes GDPR enforcement fines, identifying key articles involved, and demonstrates that simple machine learning models can effectively predict fine amounts using text mining and meta-data features.

Contribution

It provides a novel analysis of GDPR enforcement decisions, highlighting the predictive power of text mining features over traditional meta-data for fine amount estimation.

Findings

Three GDPR articles are most frequently referenced in fines.

Simple machine learning models can accurately predict fine amounts.

Text mining features outperform meta-data features in prediction accuracy.

Abstract

The General Data Protection Regulation (GDPR) came into force in 2018. After this enforcement, many fines have already been imposed by national data protection authorities in Europe. This paper examines the individual GDPR articles referenced in the enforcement decisions, as well as predicts the amount of enforcement fines with available meta-data and text mining features extracted from the enforcement decision documents. According to the results, three articles related to the general principles, lawfulness, and information security have been the most frequently referenced ones. Although the amount of fines imposed vary across the articles referenced, these three particular articles do not stand out. Furthermore, a better statistical evidence is available with other meta-data features, including information about the particular European countries in which the enforcements were made. Accurate predictions are attainable even with simple machine learning techniques for regression analysis. Basic text mining features outperform the meta-data features in this regard. In addition to these results, the paper reflects the GDPR's enforcement against public administration obstacles in the European Union (EU), as well as discusses the use of automatic decision-making systems in judiciary.