Enforcement Tracker


    Enforcement Tracker


    The OneTrust privacy team tracks, categorizes, and indexes enforcement decisions around the globe. An “enforcement decision” includes both regulatory actions by a data protection authority (e.g. CNIL, Garante, FTC, etc.) and judicial decisions (e.g. U.S. District Court, CJEU, etc.). Some decisions include a monetary penalty and others require some sort of conforming behavior (e.g. provide notice, cease misrepresentation, etc.) while others have no penalty at all. We will continue to update this page with the most recent and relevant enforcement information from across regions, industries, and time periods.

    Last Updated: August 30, 2019

  • Worldwide enforcement tracker

    See below for a current overview of enforcement actions issued by the following regulatory bodies:

    In the U.S.:

    • The Federal Trade Commission (FTC)
    • The Department of Health and Human Services (HSS)

    In Europe:

    • United Kingdom – The Information Commissioner’s Office (ICO)
    • France – The ‘Commission nationale de l’informatique et des libertés’ (CNIL)
    • Netherlands – The ‘Autoriteit Persoonsgegevens’ (AP)

    Click on the pie chart to find out more about a particular category of enforcement actions.


Want to learn more? Login to the full DataGuidance platform.

About OneTrust

OneTrust is the #1 most widely used privacy, security and third-party risk technology platform trusted by more than 3,000 companies to comply with the CCPA, GDPR, ISO27001 and hundreds of the world’s privacy and security laws. OneTrust's three primary offerings include OneTrust Privacy Management Software, OneTrust PreferenceChoice™ consent and preference management software, and OneTrust Vendorpedia™ third-party risk management software and vendor risk exchange. To learn more, visit OneTrust.com or connect on LinkedIn, Twitter and Facebook.