EDPB Launches Coordinated GDPR Enforcement on Transparency
The European Data Protection Board (EDPB) has launched a coordinated enforcement action for 2026 focusing on compliance with GDPR transparency and information obligations. Twenty-five Data Protection Authorities across Europe will participate, assessing controllers' adherence to Articles 12, 13, and 14 of the GDPR.
ICO Fines Reddit for UK GDPR Violations
The UK's Information Commissioner's Office (ICO) has fined Reddit, Inc. £14.4 million for violating UK GDPR. The penalty stems from failures in age assurance mechanisms and data protection impact assessments, which unlawfully processed children's data and potentially exposed them to harmful content.
Hingham Municipal Lighting Plant Data Breach Notification
The Hingham Municipal Lighting Plant has issued a data breach notification letter to affected individuals. The incident involved the exposure of personal information, including names, Social Security numbers, and driver's license numbers. Affected individuals are offered two years of complimentary identity protection services.
TriZetto Data Breach Notification Letter
TriZetto Provider Solutions is notifying individuals of a cybersecurity incident that may have involved protected health information. The incident, discovered on October 2, 2025, potentially exposed patient names, addresses, dates of birth, and in some cases, Social Security numbers. TriZetto is offering identity protection services to affected individuals.
Worcester State University Data Breach Notification
Worcester State University issued a data breach notification letter on February 25, 2026, detailing a breach that exposed personal information of students and staff from January 24 to February 2, 2026. The university has updated its policies to prevent future incidents and is providing guidance on security freezes.
Massachusetts General Hospital Data Breach Notification
Massachusetts General Hospital (MGH) issued a data breach notification on February 25, 2026, regarding an incident where Protected Health Information (PHI) was inadvertently sent to the incorrect patient. The breach involved names, dates of birth, social security numbers, and diagnoses. MGH is offering 24 months of free credit monitoring and identity theft protection services.
TriZetto Provider Solutions Data Breach Notification
TriZetto Provider Solutions is notifying individuals about a data breach and offering identity monitoring services. The notice provides instructions for enrollment, steps to protect personal information, and contact information for relevant agencies.
AI Standards, Regulations, and Enforcement Efforts Discussed
Global jurisdictions are discussing policies for responsible AI development and use, but the pace of AI innovation is outpacing regulation. Stakeholders at the AI Standards Hub Global Summit 2026 highlighted the importance of technical standards and assurance systems in guiding compliance amidst evolving regulatory frameworks like the EU AI Act and a patchwork of US state laws.
GDPR Article 25: Data Protection by Design and Default Factors
This analysis discusses the implementation of GDPR Article 25, focusing on data protection by design and by default. It highlights the importance of continuously assessing state of the art, cost of implementation, processing context, and risks to individuals, especially with the rise of AI.
ICO rules Council FOI request not vexatious, orders fresh response
The UK's Information Commissioner's Office (ICO) has ruled that Westmorland and Furness Council wrongly claimed a Freedom of Information (FOI) request regarding an external consultant report was vexatious. The ICO has ordered the Council to issue a fresh response within 30 days.
Rotherham Council Failed FOI Request Response Time
The ICO has issued a decision notice against Rotherham Metropolitan Borough Council for failing to respond to a Freedom of Information (FOI) request within the statutory 20 working days. The Council is now required to provide a response within 30 calendar days.
ICO Decision Notice: FOI exemption for parking machine data upheld
The UK's Information Commissioner's Office (ICO) has issued a decision notice regarding a Freedom of Information (FOI) complaint against East Riding of Yorkshire Council. The ICO found that the council correctly applied the law enforcement exemption (FOI 31(1)(a)) to withhold parking machine data, and the public interest favors maintaining this exemption.
ICO Decision Notice: House of Commons FOI Complaint
The UK's Information Commissioner's Office (ICO) has issued a decision notice regarding a complaint against the House of Commons. The ICO found that the House of Commons correctly relied on Section 40(2) of the Freedom of Information Act to withhold information related to role upgrades, deeming it third-party personal data.
ICO Decision: Sheffield City Council breached EIR on Montague Street closure request
The UK's Information Commissioner's Office (ICO) has ruled that Sheffield City Council breached Environmental Information Regulations (EIR) by failing to respond to a request about the Montague Street closure. The Council is required to provide a substantive response to the complainant.
ICO Decision: NHS Trust failed to respond to FOI request
The ICO has issued a decision notice finding that Guy's and St Thomas' NHS Foundation Trust failed to respond to a Freedom of Information (FOI) request within the statutory 20-working day period. The Trust is required to provide a substantive response to the request.
Home Office ordered to reply to FOI request
The ICO has ordered the Home Office to respond to a Freedom of Information (FOI) request that was not answered within the statutory 20-day period. The Home Office must now provide a response to the complainant within 30 calendar days.
ICO Decision Notice: Kensington and Chelsea FOI Breach
The UK's Information Commissioner's Office (ICO) issued a decision notice against the Royal Borough of Kensington and Chelsea for breaching Section 10 of the Freedom of Information Act. The authority failed to respond to a request for information within the statutory 20 working days.
ICO Decision Notice: Cabinet Office FOI Refusal Upheld
The UK's Information Commissioner's Office (ICO) has upheld the Cabinet Office's refusal to confirm or deny holding records related to the potential proscription of Palestine Action. This decision relates to a Freedom of Information request and the application of section 35(3) of FOIA concerning ministerial communications.
ICO Decision: St. Werburgh’s C. E. Primary School FOI Complaint Upheld
The Information Commissioner's Office (ICO) has upheld a complaint against St. Werburgh’s C. E. Primary School for failing to respond to a Freedom of Information request within the statutory 20 working days. The school is now required to provide a response within 30 calendar days.
AEPD Spain: GDPR Fine of €4M for Data Information Failure
The Spanish Data Protection Agency (AEPD) has issued a €4 million fine to SERVICIOS INMOBILIARIOS Y GESTIÓN RCL-MADRID, S.L. for failing to provide requested information during an investigation. This action stems from a complaint regarding potential GDPR violations.
AEPD Resolution on GDPR Rights Procedure
The Spanish Data Protection Agency (AEPD) has issued a resolution regarding a procedure for handling GDPR rights. The resolution addresses a complaint where a data subject exercised their right of access, and the respondent failed to provide a legally established response within the stipulated timeframe. This action initiates a formal procedure against the respondent for non-compliance.