European data regulators issued a record \u20ac1.65 billion in fines last year, a 50% increase from 2021. That\u2019s according to the latest GDPR and Data Breach survey from international law firm DLA Piper, which covers all 27 Member States of the European Union, plus the UK, Norway, Iceland, and Liechtenstein. This year\u2019s biggest fine of \u20ac405 million was imposed by the Irish Data Protection Commissioner (DPC) against Meta Platforms Ireland Limited relating to Instagram for alleged failures to protect children\u2019s personal data. The Irish DPC also fined Meta \u20ac265 million for failing to comply with the GDPR obligation for Data Protection by Design and Default. Both fines are currently under appeal.Despite the overall increase in fines since January 28, 2022, the fine of \u20ac746 million that Luxembourg authorities levied against Amazon last year remains the biggest to be issued by an EU-based data regulator to date (though the retail giant is still believed to be appealing).The report also revealed a notable increase in focus by supervisory authorities on the use of artificial intelligence (AI), while the volume of data breaches reported to regulators decreased slightly against the previous year\u2019s total.GDPR fines continue to rise as authorities\u2019 confidence growsThe latest edition of the GDPR and Data Breach survey showed a significant year-on-year increase in the aggregate value of GDPR fines. \u201cThe increase demonstrates supervisory authorities\u2019 growing confidence and willingness to impose high fines for breaches of the GDPR, particularly against large technology vendors, and has also been influenced by the highly inflationary impact of the EDPB,\u201d the report read. \u201cLocal data protection authorities will no doubt have been watching the EDPB decisions under the GDPR consistency mechanism with interest and will know that the EDPB is yet to reduce any fine proposed by a lead supervisory authority. All EDPB decisions regarding fines have resulted in a significant increase in the final fine imposed,\u201d it added.The survey also highlighted the impacts of some notable decisions made by data protection supervisory authorities this year considering the application of the Schrems II and Chapter V GDPR requirements to specific international transfers of personal data.Ross McKean, chair of the UK Data Protection and Cybersecurity Group, stated: \u201cThe spate of Irish DPC fines targeting the behavioral advertising practices of social media platforms this year have the potential to be every bit as profound for the future of the \u201cgrand bargain\u201d at the heart of today\u2019s \u2018free\u2019 internet. Given what is at stake, we can expect years of appeals and litigation. The law is very far from settled on these issues.\u201dIreland (\u20ac1,303,514,500), Luxembourg (\u20ac746,345,675), and France (\u20ac428,238,300) topped the list of the total value of GDPR fines imposed from May 25, 2018, to date, with the UK (\u20ac59,242,800) in seventh.Data regulators increase focus on use of AIData protection regulators are increasing their focus on use of AI and the role personal data plays in training AI technology, the report stated. \u201cAI is impacting every sector, from process automation, machine learning, chat bots, facial recognition through to virtual reality and beyond. Personal data is often the fuel that powers AI used by organizations. It tailors search parameters, spots behavioral trends, and predicts future possible outcomes,\u201d the report read. As many AI systems use personal data, regulation of these systems often falls within the scope of GDPR. \u201cSeveral data protection supervisory authorities have issued guidance on the use of personal data for AI this year,\u201d the report added.In May 2022, the UK Information Commissioner\u2019s Office (ICO) fined facial recognition company Clearview AI Inc \u00a37,552,800 for breaking data protection laws over its use of images of people\u2019s faces and data from publicly available information. The ICO claimed the firm collected more than 20 billion images of people\u2019s faces and data from publicly available information on the internet and social media platforms all over the world to create an online database but failed to inform people that their images were being collected or used in this way.