Data Protection

ICO Decision Notice: BBC FOI Request on Spanish PM Title

The ICO has issued a decision notice regarding a BBC Freedom of Information (FOI) request concerning the Spanish Prime Minister's title. The ICO upheld the BBC's position that the information, if held, is for journalistic purposes and therefore exempt from FOIA.

Spanish DPA Resolution on Procedure Termination

The Spanish Data Protection Agency (AEPD) has issued a resolution terminating procedure EXP202416460. This action signifies the closure of a specific enforcement or administrative process initiated by the agency.

EDPB Adopts 2026-2027 Work Programme for GDPR Compliance

The European Data Protection Board (EDPB) has adopted its work programme for 2026-2027, focusing on making GDPR compliance easier. Key initiatives include developing ready-to-use templates for organizations on legitimate interest assessments, records of processing activities, and privacy notices.

AEPD Resolution: Simyo Denied Voice Recording Access

The Spanish Data Protection Agency (AEPD) issued a resolution against Simyo (Orange España Virtual, S.L.) for denying a consumer's right of access to voice recordings related to a SIM swap. Simyo initially conditioned access on a judicial order, which is not required by law, but later provided the recordings after the complaint.

AEPD Resolution on Data Protection Access Right Procedure

The Spanish Data Protection Agency (AEPD) issued a resolution regarding a data protection rights procedure, specifically concerning the right of access. The resolution details the process followed after a complaint was filed and notes that the data controller ultimately provided the requested response.

AEPD resolves identity theft data use complaint against TELFY TELECOM

The Spanish Data Protection Agency (AEPD) has resolved a complaint against TELFY TELECOM for alleged misuse of personal data in an identity theft case. The company failed to respond to a data access request from a customer who was a victim of identity theft, leading to a formal resolution by the AEPD.

ICO Enforcement: Eight Guilty in Nuisance Call Investigation

The UK's Information Commissioner's Office (ICO) announced further convictions in its largest nuisance call investigation, bringing the total prosecuted to 10 individuals. The investigation involved the unlawful accessing and sale of personal data from garages and claims management companies.

EDPB Work Programme 2026-2027

The European Data Protection Board (EDPB) has adopted its work programme for 2026-2027, focusing on enhancing harmonisation, promoting compliance with GDPR, and strengthening enforcement cooperation. The programme outlines key initiatives including new guidelines on AI, consent, and anonymisation, alongside efforts to simplify GDPR compliance for stakeholders.

Garante Privacy Fines Nursery, Approves IT-Wallet, CEREBRO, AI in Schools

The Italian Garante Privacy has fined a nursery school €10,000 for privacy violations related to children's photos and video surveillance. The authority also approved the experimentation of IT-Wallet, the use of CEREBRO for asset investigations, and issued guidelines for AI in schools.

GDPR Fines and Guidance on AI, Healthcare, and Public Transparency

The Italian Data Protection Authority (Garante privacy) issued a newsletter detailing several enforcement actions and guidance. Fines were issued to a bank (€100,000) and a municipality for transparency violations, and a hospital (€80,000) for improper access to patient health records. Global data protection authorities also affirmed that data protection fully applies to AI.