Italian DPA Press Releases 2008–2026: Fines, Bans, AI Actions
The Italian Data Protection Authority (Garante) publishes an index of press releases from 2008–2026 documenting enforcement actions, investigations, and guidance on data protection and AI. Notable actions include Amazon worker data record-keeping order (2026), Clearview AI €20M fine and biometric ban (2022), Enel Energia €26.5M telemarketing fine (2022), Glovo €2.6M algorithmic discrimination fine (2021), Google Analytics ban (2022), DeepSeek block (2025), and ChatGPT restrictions (2023). The index captures nearly two decades of Italian DPA enforcement activity spanning tech platforms, energy companies, and AI systems.
Annual Reports 1997-2024 English Summaries Available
The Italian Data Protection Authority (Garante) publishes its archive of annual reports spanning from 1997 to 2024. English summaries and highlights are available for reports from 2013 onwards. Each report entry includes the full text (Testo della relazione), summary sheet (Scheda di sintesi), English summary, presidential speech (Discorso del Presidente), and presentation video. This document does not impose new compliance obligations.
Six Norwegian Websites Fined for Unlawful Tracking Pixel Data Sharing
The Norwegian Data Protection Authority completed inspections of six websites using tracking pixels and found all six unlawfully shared visitor personal data with third parties without legal basis. Several shared sensitive personal data categories. One website (116111.no) was fined NOK 250,000 while the other five received reprimands. The authority also issued guidance on tracking tool requirements.
Administrative Fine NOK 250,000 for Failure to Provide Employee Data Access - Timegrip AS
The Norwegian Data Protection Authority imposed an administrative fine of NOK 250,000 on Timegrip AS for denying 80 employees access to their personal time-tracking data following the bankruptcy of their employer. The DPA found that despite acting as a data processor, Timegrip exercised effective control over the data and was therefore functionally the data controller with an obligation to honour access requests under GDPR.
Telenor ASA Sanctioned for DPO Organization and Internal Control Failures
Datatilsynet imposed a 4 million NOK administrative fine on Telenor ASA for inadequate organization of the data protection officer role and lack of internal control. The investigation found the company failed to assess DPO independence, document conflict of interest considerations, and establish a documented reporting line to the highest management level. As a cross-border GDPR case processed through the cooperation and consistency mechanism with Swedish and Danish supervisory authorities, Telenor is ordered to assess its DPO obligation and maintain accurate processing activity records.
Four Sandbox Reports Explore Data Sharing to Combat Economic Crime
The Norwegian Data Protection Authority and Financial Supervisory Authority of Norway have published four final reports from joint regulatory sandbox projects exploring data sharing to combat economic crime. Participants including banks (DNB, Nordea, SpareBank 1, Eika), Stø, Finans Norge Forsikringsdrift, and Eika Gruppen with KPMG received joint regulatory guidance on how data protection and financial regulations interact. The reports clarify where current regulations provide clear boundaries versus where there is greater scope for action within existing frameworks.
Court of Appeal Upholds NOK 65M Fine Against Grindr for Invalid Data Consent
Borgarting Court of Appeal rejected Grindr's appeal and upheld the NOK 65 million administrative fine issued by the Norwegian Data Protection Authority. The court ruled that Grindr did not have valid consent to disclose personal data to advertising partners and that data about app usage constitutes special category personal data. This is the third consecutive level of appeal to affirm the fine.
BitSight Security Rating Platform Third-Party Risk Management Access Instructions
The California Cybersecurity Center has published access instructions for state agencies to use the BitSight Security Rating Platform for third-party risk management. Agencies must submit access requests through the ServiceNow system by selecting 'Security Tools' and 'BitSight' from the customer support catalog. Requests must include customer ID code, approver information, and the service option (New, Modify, or Delete User).
AgencyNet SharePoint Access Procedures for California Government Entities
The California Office of Information Security (OIS) has published guidance on accessing AgencyNet, a SharePoint platform providing sensitive information security resources to government entities. Access requests must be submitted through ServiceNow by designated roles including AIO, AISO, CIO, ISO, Privacy Program Coordinator, or Technology Recovery Program Coordinator. Approved requestors receive read-only permissions to the platform.
California Cybersecurity Advisory Services for State Entities
The California Department of Technology Office of Information Security offers advisory services to state entity information security professionals to develop their Information Security Programs. Services include pre and post audit workshops, training via CA CyberScholar, policy templates aligned with NIST standards, and access to AgencyNet resources.
Cybersecurity Awareness Month Toolkit Resources
The California Department of Technology published a Cybersecurity Awareness Month toolkit providing social media graphics, tips, and guidance resources for National Cybersecurity Awareness Month in October. The materials target individuals, small businesses, government agencies, and academic institutions with messaging around password security, scam awareness, and online safety. The toolkit is voluntary and imposes no compliance obligations or regulatory requirements.
High-Level Debate on Omnibus Proposals: Driving Data Protection and Innovation
The European Data Protection Supervisor (EDPS), in partnership with Germany's Federal Commissioner for Data Protection (BfDI) and Bavaria's Data Protection Commissioner (BayLfD), has announced a high-level debate on the European Commission's Omnibus proposals. The event will examine implications for the GDPR and AI Act, focusing on legal certainty, regulatory coherence, and balancing fundamental rights protection with innovation. No compliance obligations are created by this event announcement.
AI Act Practice, Regulatory Proposals, Data Governance - Newsletter Episode 19
EDPS published Newsletter Digest Episode 19 covering three key developments: the AI Act moving into operational practice, new regulatory proposals affecting fundamental rights, and measures to strengthen data protection governance within EU institutions. The podcast features Miriam Cakurdova and John McLean discussing these emerging regulatory landscapes.