Somebody has been fined for reporting illegal parking to the city. Yes really, they say he has no legitimate interest in reporting people who park on the sidewalk in a way that's endangering pedestrians.
Go to https://www.enforcementtracker.com, which collects and publishes GDPR fine information. Type in "Private Individual" as a filter in the "Controller/Processor" column. I see twenty-ish results, mostly from Spain. My Spanish is rusty and non-technical, but I think some of those fines are about posting videos to social media.
> 2. This Regulation does not apply to the processing of personal data:
> (c) by a natural person in the course of a purely personal or household activity;
There is an exemption for private individuals conducting their personal affairs. But it still applies to private individuals acting in a public space. Article 4 also reinforces that a Controller may be a natural person.
I cant think of anything other than personal or household activities.
Unless youre talking about one-person companies. But then, I consider them companies, even if they are only one person.
This is one of those things where different countries take different approaches (or at least have different pointes of emphasis). But the classic example is a security camera you install on your own house (or these days, a doorbell camera). If it can only see your own property, that's a household activity and is not covered by GDPR. If it records video of people walking on the public sidewalk outside your house, then GDPR applies to that recording.
As noted elsewhere, most of the fines against private individuals have been issued by Spain. And my mediocre Spanish literacy leads me to believe several of those fines are for posting videos on social media.