In what is the second-largest GDPR fine to date, Ireland’s Data Protection Commission announced today that they have fined Facebook subsidiary WhatsApp €225million, or the equivalent of $267,198,750.00 USD, for several gross violations of GDPR (the General Data Protection Regulation in effect in the EU, as well as the UK since the UK’s ICO adopted it’s own “UK GDPR” following Brexit).

Microsoft has been fined to the tune of $732 million by the European Union, for failing to adhere to the requirements of a settlement agreement that resulted from Microsoft’s restrictive shipping of Windows computers pre-loaded with Internet Explorer as the default web browser, and with no obvious alternative. Joaquin Almunia, competition commissioner for the European Union, noted that it had been a mistake to let Microsoft monitor their own compliance with the agreement.

A recent report from the Federal Communications Commission (FCC), following a 17-month investigation, reveals that, contrary to what Google’s position had been all this time, Google actually knew that their Street View drive-bys were sucking down people’s personal data through any open wifi routers that the Street View van encountered. And not just a little bit – but for nearly three years, between 2007 and 2010. Private data that was harvested from individuals includes email (the full text of!), passwords, sites visited, and other sensitive information. Until now Google had always maintained that they didn’t realize it was happening, and that it was an accident wraught by a single engineer at Google. Turns out that supervisors knew all along that it was going on. While the FCC concludes that Google did not break any laws, there was a heck of a lot of invasion of privacy going on, and, in addition, Google was slapped with a $25,000 fine for obstructing the investigation.

The Federal Trade Commission (FTC) has fined game developer RockYou.com $250,000 for, among other things, failing to adequately secure their customers’ user data. While the FTC slammed Rock You for COPPA (the Children’s Online Privacy Protection Act rule) violations, in part because RockYou collected information from children under the age of 13 without parental consent, the Feds made a point of noting that “the company’s security failures put users’ including children’s personal information at risk” while at the same time claiming that they had adequate security measures in place. Adequate security measures our foot! They stored their user data in plain – i.e. unencrypted – text! The FTC settlement and fine follows a 2 year investigation into the hacking of RockYou servers in 2009 which exposed the date of 32 million users.

Employees at Morgan Stanley may think twice before they delete their email, after a judge slapped a $1.45billion judgement on the financial giant because they just hit delete.