Searching in Data Privacy & Cybersecurity · Search everything
702 changes Data Privacy & Cybersecurity
ICO Decision Notice - Eastbourne Council FOI 40(2) Exemption
The ICO has issued a decision notice regarding Eastbourne Borough Council's withholding of information under FOI section 40(2). The Commissioner found that the Council was entitled to rely on the exemption for third-party personal information and did not uphold the complainant's challenge.
ICO Decision: NMC's refusal of nurse data under FOI upheld
The UK's Information Commissioner's Office (ICO) has upheld the Nursing and Midwifery Council's (NMC) decision to refuse a Freedom of Information request for data on erased and suspended nurses. The ICO found the NMC was entitled to withhold the information as it constitutes personal data exempt under FOIA.
ICO Upholds EIR Breach by Powys Council
The UK's Information Commissioner's Office (ICO) has upheld a breach of Environmental Information Regulations (EIR) 11 against Powys County Council. The council failed to conduct an internal review within the mandated 40 working days. No further steps are required beyond reconsidering the original request.
ICO Decision Notice: BBC FOI Request
The UK's Information Commissioner's Office (ICO) has upheld the BBC's decision regarding a Freedom of Information (FOI) request for a 1978 broadcast. The ICO determined the information, if held, is for journalistic purposes and thus exempt from FOIA.
ICO Orders NHS Trust to Respond to FOI Request
The UK's Information Commissioner's Office (ICO) has ordered the South London & Maudsley NHS Foundation Trust to take action on a Freedom of Information (FOI) request. The Trust failed to respond within the statutory 20 working days.
ICO Decision Notice: Melton Borough Council FOI Complaint
The ICO upheld a Freedom of Information (FOI) complaint against Melton Borough Council for failing to respond to a request within the statutory 20 working days. The Council has been ordered to provide a response to the complainant within 30 calendar days.
ICO Upholds FOI Complaint Against NHS Trust
The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) complaint against South London & Maudsley NHS Foundation Trust for a delayed response. The Trust is required to provide a substantive response to the complainant within 30 calendar days.
ICO Orders NHS Trust to Respond to FOI Request
The UK's Information Commissioner's Office (ICO) has ordered the South London & Maudsley NHS Foundation Trust to respond to a Freedom of Information (FOI) request. The Trust failed to respond within the statutory 20 working days.
ICO Upholds FOI Complaint Against NHS Trust
The ICO has upheld a Freedom of Information (FOI) complaint against South London & Maudsley NHS Foundation Trust for a delayed response. The Trust is required to provide a substantive response to the complainant within 30 calendar days.
ICO Upholds FOI Complaint Against NHS Trust
The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) complaint against South London & Maudsley NHS Foundation Trust for a delayed response. The Trust is now required to provide a substantive response to the complainant within 30 calendar days.
ICO Upholds FOI Complaint Against Pentraeth Council
The ICO has upheld a Freedom of Information complaint against Pentraeth Council for failing to respond to a request within the statutory 20 working days. The Council has been ordered to respond to the complainant within 30 calendar days.
ICO Upholds FOI Complaint Against NHS Trust
The ICO has upheld a Freedom of Information (FOI) complaint against South London & Maudsley NHS Foundation Trust for a delayed response. The Trust is required to provide a substantive response to the complainant within 30 calendar days.
Garante Privacy Sanctions Aldilapp, Halts Non-Compliant Cameras
The Italian Garante Privacy has sanctioned Aldilapp and its distributors for non-compliant digital cemetery services, halting the use of non-compliant cameras. The authority also approved a delegation management platform and expressed global concerns regarding AI-generated intimate content.
CNIL Closes Order Against KASPR Following GDPR Violations
The CNIL has closed an order against KASPR, originally issued on December 5, 2024, which included a €240,000 fine for GDPR violations related to data collection from LinkedIn. KASPR has demonstrated compliance with the corrective measures, leading to the closure of the order and the non-liquidation of a potential daily penalty.
AEPD Fines ORNITOLÓGICA DE ANDALUCÍA FOA 131,801 Euros for GDPR Violation
The Spanish Data Protection Agency (AEPD) has issued a resolution imposing a fine of 131,801 euros on ORNITOLÓGICA DE ANDALUCÍA FOA for a data breach. The violation involved the mass emailing of personal data, including names and national identification numbers, to federated associations and individuals.
AEPD Archives Proceedings Against Orange Spain Regarding Portability
The Spanish Data Protection Agency (AEPD) has archived proceedings against Orange Spain concerning a data portability issue. A consumer filed a complaint alleging unauthorized portability of their fixed-line number, leading to service suspension and subsequent restoration. The AEPD closed the case after reviewing the evidence and Orange's response.
AP Warns Users: TikTok Continues to Send Personal Data to China
The Dutch Data Protection Authority (AP) has warned users that TikTok continues to transfer personal data to China, despite a ruling by European privacy regulators deeming such transfers unlawful. The AP advises users and organizations to reconsider their use of TikTok and similar services.
Dutch DPA Cookie Policy Campaign
The Dutch Data Protection Authority (AP) has launched a public campaign urging organizations to review and improve their cookie policies. The campaign provides guidelines and aims to raise awareness about data collection practices and privacy risks associated with website cookies.
Dutch DPA warns generative AI risks becoming wild west
Dutch DPA warns generative AI risks becoming wild west
Reddit v. Autoriteit Persoonsgegevens - Data Protection Proceedings
The District Court in The Hague rejected Reddit's legal claims against the Dutch data protection authority (AP) regarding an investigation into unlawful personal data processing. The AP is continuing its investigation into whether Reddit unlawfully shared user data with algorithm developers.
Dutch Data Protection Authority Warns of AI Agent Security Risks
The Dutch Data Protection Authority (AP) has issued a warning regarding the significant security risks associated with AI agents like OpenClaw. The AP advises users and organizations against using these experimental systems, particularly with sensitive data, due to potential data breaches and account takeovers.
California Privacy Agency Fines Ford for Opt-Out Process Friction
The California Privacy Protection Agency has fined Ford Motor Company $375,703 and ordered changes to its opt-out process for violating the CCPA. Ford required unnecessary identity verification for consumers opting out of data sales and sharing.
ICO Orders Lincolnshire Council to Redo FOI Searches
The UK's Information Commissioner's Office (ICO) has ordered Lincolnshire County Council to redo its Freedom of Information (FOI) searches for a court case. The ICO found that the council likely holds additional information relevant to the request and must issue a fresh response.
ICO Upholds FOI Complaint Against Hackney Council
The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) complaint against Hackney Council. The Council failed to correctly interpret and respond to a request for historical business rates data, breaching FOI obligations.
ICO Rules BFI Requests Vexatious, No Further Action
The UK's Information Commissioner's Office (ICO) has ruled that the British Film Institute (BFI) was justified in deeming information requests vexatious under FOIA section 14(1). The ICO found no further action was required from the BFI.
ICO Decision Notice: Public Authority Failed FOI Request
The UK's Information Commissioner's Office (ICO) issued a decision notice against the Department for Science, Innovation and Technology for failing to respond to a Freedom of Information (FOI) request within the statutory 20-day period. The ICO requires the department to respond to the complainant within 30 calendar days.
ICO Decision Notice: St John's College Land Info Request
The ICO upheld a breach of regulation 14(3) of the Environmental Information Regulations (EIR) against St John's College for refusing an information request under the wrong legislation. However, the ICO found the request to be manifestly unreasonable under EIR 12(4)(b) and did not require the College to comply.
ICO Decision: Home Office Correct to Deny FOI Request
The UK's Information Commissioner's Office (ICO) has ruled that the Home Office was correct to deny an FOI request concerning Kemi Badenoch by neither confirming nor denying holding the information, citing personal data exemptions. The decision upholds the Home Office's use of Section 40(5B) of the FOIA.
ICO Decision on Wealden Council FOI Request
The UK's Information Commissioner's Office (ICO) has issued a decision notice regarding a Freedom of Information (FOI) request made to Wealden District Council. The ICO found that the Council breached FOI time limits and partially upheld the Council's reliance on exemptions for personal information and prejudice to public affairs.
ICO Decision Notice: London Borough of Hillingdon
The UK's Information Commissioner's Office (ICO) issued a decision notice against the London Borough of Hillingdon for failing to disclose requested information under the Environmental Information Regulations (EIR). The ICO found that the council wrongly withheld documents and breached multiple EIR regulations, including timeliness requirements.
ICO Decision Notice: Ministry of Defence Nuclear Site Events Complaint
The UK's Information Commissioner's Office (ICO) has issued a decision notice regarding a complaint against the Ministry of Defence (MOD). While the MOD was found to have breached information rights regulations by failing to respond within statutory timeframes, the requested information regarding nuclear site events was ultimately exempt from disclosure.
ICO Decision Notice: West Yorkshire Police Speed Camera Info Withheld
The ICO has issued a decision notice regarding West Yorkshire Police's refusal to disclose speed camera information. The Commissioner found that the police correctly applied exemptions under FOIA and that the public interest favoured withholding the information, requiring no further action from the police.
ICO Decision Notice: FOI 10 & 16 Upheld, FOI 12(1) Not Upheld
The UK's Information Commissioner's Office (ICO) issued a decision notice regarding a Freedom of Information (FOI) request made to the Nursing and Midwifery Council (NMC). FOI requests 10 and 16 were upheld, while request 12(1) was not upheld. The NMC is required to provide reasonable advice and assistance to the complainant.
ICO Decision on East Hampshire Council FOIA Complaint
The UK's Information Commissioner's Office (ICO) issued a decision regarding a complaint against East Hampshire Council concerning a Freedom of Information Act (FOIA) request. The ICO found the council was justified in withholding some information but had breached FOIA regulations in its initial handling of the request. No further steps are required from the council.
ICO Decision Notice: Health Board FOI Cost Compliance Upheld
The UK's Information Commissioner's Office (ICO) issued a decision notice regarding a Freedom of Information (FOI) request made to Aneurin Bevan University Health Board. The ICO found that the Health Board was justified in relying on the cost of compliance exemption (FOI 12(1)) to refuse the request and met its obligations to offer advice and assistance.
ICO Decision: Lambeth Must Disclose School Redevelopment Emails
The UK's Information Commissioner's Office (ICO) has ruled that the London Borough of Lambeth must disclose certain emails related to a school redevelopment project. The ICO found that the Council misapplied exemptions and breached data protection regulations, ordering disclosure within 30 days.
ICO Decision: Council incorrectly withheld FOI information
The UK's Information Commissioner's Office (ICO) has ruled that Rhondda Cynon Taf County Borough Council incorrectly withheld information under FOI and EIR exemptions. The council must now reconsider the complainant's requests within 30 days.
ICO Decision: Council correct to withhold park expenditure information
The UK Information Commissioner's Office (ICO) issued a decision finding Ards and North Down Borough Council was correct to withhold certain park expenditure information under commercial confidentiality exemptions. The ICO does not require the council to take further action.
ICO Decision on DBT Information Disclosure
The UK's Information Commissioner's Office (ICO) issued a decision regarding the Department for Business and Trade's (DBT) handling of an information request. While DBT was largely correct in withholding information, the ICO found breaches related to exceeding response times.
GDPR Resolution Fines Company 1,400 Euros for Unsolicited Email
The Spanish Data Protection Agency (AEPD) has issued a resolution fining JOMAFRAN 2013, S. L. 1,400 euros for violating data protection laws. The company sent unsolicited marketing emails referencing a judicial proceeding without prior consent or relationship with the recipient.
PlayOn Sports Fined $1.10M for Privacy Violations
The California Privacy Protection Agency has fined PlayOn Sports $1.10 million for privacy violations related to student data and targeted advertising. The company must also change its data collection and opt-out practices.
EDPB Conference on Cross-Regulatory Cooperation
The European Data Protection Board (EDPB) announced a conference on cross-regulatory cooperation in the EU, focusing on data protection perspectives. The event took place on March 17, 2026, and aimed to provide an overview of the EDPB's work in this area.
GDPR Fine of €4,000,000 Imposed on MODEL REYNA, C.B.
The Spanish Data Protection Agency (AEPD) has imposed a fine of €4,000,000 on MODEL REYNA, C.B. for violations of the GDPR. The company failed to respond to information requests from the agency during an investigation, leading to the sanction.
JATC Data Breach Notification
The UA Sprinkler Fitters Local 669 Joint Apprenticeship and Training Committee (JATC) has issued a data breach notification following suspicious activity detected on May 23, 2024. The breach potentially exposed names, Social Security numbers, driver's license numbers, and medical information of 518 Washington residents.
Phia Group Data Security Incident Notification
The Phia Group has notified the Washington Attorney General's office of a data security incident affecting approximately 2,802 residents. Personal information including clinical data, DOB, and SSN may have been compromised between July 8-9, 2024.
Fried Frank Data Breach Notice
Fried Frank, Harris, Shriver & Jacobson LLP is issuing a data breach notice to affected individuals following a cybersecurity incident discovered on October 27, 2025. The incident involved unauthorized access to a user account, leading to the potential exposure of personal information. The firm is offering two years of free credit and identity monitoring services.
Gravity Payments Data Security Incident Notification
Gravity Payments is notifying consumers of a data security incident that occurred around August 22, 2025, due to a vulnerability in a third-party service provider's software. Personal information may have been accessed, and affected individuals are being offered credit monitoring services.
TABB Inc. Data Breach Notification
TABB Inc., a business partner of The Brooklyn Hospital Center, is notifying individuals of a data breach discovered on August 14, 2024, which may have involved personal information including name and variable data elements. The company is offering 12 months of free identity protection services.
CalPrivacy Launches Data Broker Enforcement Strike Force
The California Privacy Protection Agency (CalPrivacy) has launched a Data Broker Enforcement Strike Force to investigate privacy violations within the data broker industry. This initiative aims to enhance compliance with the CCPA and the Delete Act, building on previous enforcement actions.
CalPrivacy Fines ROR Partners for Data Broker Violations
The California Privacy Protection Agency has fined ROR Partners LLC $56,600 for failing to register as a data broker as required by the Delete Act. The marketing firm was found to have collected and sold extensive consumer data without proper registration, highlighting the agency's focus on data broker compliance.