702 changes Data Privacy & Cybersecurity
CalPrivacy Data Broker Registration Enforcement Advisory
CalPrivacy has issued an enforcement advisory reminding data brokers of their registration requirements, including disclosing trade names and websites, and registering independently. Data brokers must register by January 31 annually and face fines of $200 per day for non-compliance.
CPPA Fines Data Brokers for Registration Violations
The California Privacy Protection Agency (CPPA) has issued enforcement actions against two data brokers, Rickenbacher Data LLC (d/b/a Datamasters) and S&P Global, Inc., for failing to register as required by California's Delete Act. Datamasters was fined $45,000 and ordered to stop selling personal information, while S&P Global was fined $62,600.
California Bill for CCPA Whistleblower Protections and Awards
The California Privacy Protection Agency (CalPrivacy) is sponsoring AB 2021, a bill to establish whistleblower protections and an award program under the California Consumer Privacy Act (CCPA). The bill aims to incentivize individuals to report violations and protect them from retaliation.
FTC and States Secure $100M Judgment Against Walmart for Deceptive Earnings Claims
The FTC and 11 states have secured a $100 million judgment against Walmart to settle allegations of deceptive earnings claims made to delivery drivers in its Spark Driver program. The company allegedly misled drivers about base pay, incentives, and tips, causing drivers to lose tens of millions of dollars.
EDPB Opinion on ABN AMRO Binding Corporate Rules
The European Data Protection Board (EDPB) has issued Opinion 06/2026 regarding the Binding Corporate Rules (BCRs) of ABN AMRO. This opinion addresses the draft decision from the Dutch supervisory authority concerning these BCRs.
EDPB Opinion on Dutch Authority's Draft Decision for Arcadis Group
The European Data Protection Board (EDPB) has issued an opinion on a draft decision by the Dutch Data Protection Authority concerning Arcadis Group's Binding Corporate Rules (BCRs). This opinion addresses the international transfer of data and the adequacy of the BCRs.
FTC Workshop on Data Economy Injuries and Benefits
The Federal Trade Commission is hosting a workshop on February 26, 2026, to discuss measuring consumer injuries and benefits in the data-driven economy. The event will feature FTC officials and panel discussions on privacy preferences and data breach impacts.
FTC Policy Statement on COPPA and Age Verification Technologies
The FTC issued a policy statement clarifying that it will not bring enforcement actions under COPPA against operators using age verification technologies for the sole purpose of determining user age, provided certain conditions are met. This aims to incentivize the use of these technologies to protect children online.
ICO Decision: Oxford City Council Cherry Tree Information Disclosure
The UK's Information Commissioner's Office (ICO) issued a decision regarding Oxford City Council's disclosure of information about cherry tree removal. The ICO found that the council had complied with the Environmental Information Regulations (EIR) and did not require further action.
ICO Decision Notice: Home Office FOI Request Upheld
The ICO has upheld a Freedom of Information (FOI) request against the Home Office, finding that the public authority failed to complete its public interest test considerations within a reasonable time. The Home Office is now required to provide a substantive response to the request within 30 calendar days.
ICO Decision Notice: Ealing Council FOI Breach
The UK's Information Commissioner's Office (ICO) has upheld a decision that Ealing Council breached section 10 of the Freedom of Information Act (FOIA) by failing to provide a substantive response to a request within 20 working days. The council must now provide the response within 30 days.
ICO Decision Notice: FOI Complaint on Chagos Islands Policy
The ICO has issued a decision notice regarding a Freedom of Information complaint against the Attorney General's Office concerning Chagos Islands policy formulation. The ICO found that the AGO correctly applied exemptions under FOIA.
ICO Decision: Croydon Council Failed EIR Request
The UK's Information Commissioner's Office (ICO) has upheld a decision against the London Borough of Croydon for failing to respond to an Environmental Information Regulations (EIR) request within the statutory 20-day period. The ICO has ordered Croydon Council to respond to the complainant within 30 calendar days.
ICO Decision Notice: Bradford Council Disclosure of School Preference Data
The ICO has issued a decision notice against Bradford Council regarding the disclosure of school preference data. The Council must disclose redacted spreadsheets containing no personal data to the complainant within 30 days, as they incorrectly withheld some information under FOIA section 40(2).
ICO Decision on Ambulance Trust FOI Request
The UK's Information Commissioner's Office (ICO) issued a decision regarding a Freedom of Information (FOI) request made to the South East Coast Ambulance Service NHS Foundation Trust. The ICO found that the requested report into an internal investigation was exempt from disclosure under section 41 of the FOI Act.
ICO Decision Notice: Ministry of Defence FOIA Breach
The UK's Information Commissioner's Office (ICO) has issued a decision notice finding the Ministry of Defence breached Section 10 of the Freedom of Information Act (FOIA) by failing to respond to a request within 20 working days. The Ministry of Defence is required to provide a substantive response.
ICO Decision on Executive Office Northern Ireland Communications
The UK's Information Commissioner's Office (ICO) issued a decision regarding a Freedom of Information request made to the Executive Office Northern Ireland. The ICO partially upheld the Executive Office's decision to withhold certain communications, but required disclosure of other information previously withheld under specific exemptions.
ICO Decision Notice: Lucy Letby Case FOI Request Not Vexatious
The UK's Information Commissioner's Office (ICO) issued a decision notice stating that a Freedom of Information (FOI) request concerning the Lucy Letby case was not vexatious. Cheshire Constabulary is required to provide a fresh response to the complainant.
ICO Decision Notice: Somerset Council FOI 10 Upheld
The UK's Information Commissioner's Office (ICO) has upheld a complaint against Somerset Council for failing to respond to a Freedom of Information (FOI) request within the statutory 20 working days. The ICO has ordered the council to respond to the complainant within 30 calendar days.
ICO Upholds FOI Complaint Against Salford City Council
The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) complaint against Salford City Council for a delayed response. The Council is now required to provide the complainant with a response within 30 calendar days.
ICO Decision Notice: Nottingham City Council EIR Complaint Upheld
The UK's Information Commissioner's Office (ICO) upheld an Environmental Information Regulations (EIR) complaint against Nottingham City Council for breaches related to a planning application information request. The council mishandled the request, breaching time limits and reconsideration procedures, although some exceptions were deemed valid.
ICO Decision Notice: Doncaster Council FOI Act Complaint
The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information Act complaint against Doncaster Metropolitan Borough Council. The ICO found that the council was partly incorrect in stating that no further information was held and that it failed to disclose information within the statutory 20 working days.
ICO FOI Decision: Charity Commission and Section 31
The ICO has issued a decision regarding a Freedom of Information request handled by the Charity Commission. The Commissioner found that the Charity Commission correctly applied section 31 of FOIA, and the public interest favoured withholding the requested information. No further steps are required.
ICO Decision Notice: Buckinghamshire ICB breached FOIA by late information provision
The Information Commissioner's Office (ICO) found that the Buckinghamshire, Oxfordshire and Berkshire West Integrated Care Board (ICB) breached FOIA by providing Ophthalmology information late. While no further information was held, the delay constituted a breach of statutory timeframes.
AEPD Rejects TALENTO MOTOR S.L. Appeal
The Spanish Data Protection Agency (AEPD) has rejected an appeal filed by TALENTO MOTOR S.L. against a prior resolution. The appeal was deemed inadmissible due to being filed outside the legal time limit. This decision upholds the original resolution from November 23, 2025.
ICO Commissioner's Speech on Data Protection and ICO Governance
The UK Information Commissioner, John Edwards, delivered a speech reflecting on his tenure and the ICO's adaptation to data protection changes, including the upcoming Data (Use and Access) Act and new governance structure. The speech highlighted the ICO's efforts to provide clarity and certainty amidst evolving technological and legal landscapes.
Spanish DPA Resolution on Voluntary Payment
The Spanish Data Protection Agency (AEPD) has issued a resolution initiating a sanctioning procedure against EMPRESA.1 for alleged data protection violations. The case involves a complaint regarding the improper acquisition and use of personal data for a contract. The resolution details the initial findings and the company's response.
ICO Fines Reddit £14.47m for Children's Privacy Failures
The UK's Information Commissioner's Office (ICO) has fined Reddit £14.47 million for failing to protect the personal information of children. The investigation found serious failures in age assurance, meaning Reddit unlawfully processed the data of children under 13.
GDPR Fines Issued for Google Analytics Use
The Swedish Authority for Privacy Protection (IMY) has fined two companies and ordered three others to stop using Google Analytics due to non-compliance with GDPR regarding personal data transfers to the US. Fines total 12.3 million SEK.
H&M Fined for GDPR Marketing Violations
The Swedish Agency for Privacy Protection (IMY) has fined H&M SEK 350,000 for violating GDPR. The company failed to properly handle requests from individuals wishing to opt out of direct marketing, making it unnecessarily difficult for them to exercise their rights.
AEPD Resolution on Rights Procedure and Labor Dispute
The Spanish Data Protection Agency (AEPD) has issued a resolution regarding a data rights procedure initiated on June 2, 2025. The case involves a former employee's claims against FENG SHENG SUSHI, S.L. concerning alleged falsification of a labor contract, denial of access to personal data, and improper use of banking information.
International Data Protection Authorities Joint Statement on AI Imagery Risks
Sixty-one international data protection authorities have issued a joint statement outlining privacy risks associated with AI-generated imagery. The statement addresses concerns about the creation of realistic images and videos of individuals without consent, particularly highlighting potential harms to children. It urges responsible AI development and deployment.
Garante Privacy Sanctions eCampus, Rejects Pescara Body Cams
The Italian Data Protection Authority (Garante Privacy) has sanctioned the University eCampus with a €50,000 fine for unlawfully processing biometric data using facial recognition for online course attendance verification. Additionally, the Garante has prohibited the municipality of Pescara from using body cameras for local police due to risks of data transfer to non-EU countries.
A Ventura fined €20M for GDPR infringement
The Spanish Data Protection Agency (AEPD) has initiated a sanctioning procedure against A VENTURA EN TRAMPOLINES S.L. for alleged infringements of the GDPR. The company has been fined €20 million and previously ordered to adapt its user consent form within one month, a deadline it failed to meet.
ICO v. DSG Retail - Data Protection Security Ruling
The UK's Information Commissioner's Office (ICO) has won a Court of Appeal case against DSG Retail Limited, reinstating a £500,000 fine for a 2020 data breach. The ruling clarifies that organisations must secure all personal data, regardless of whether individuals can be identified from exfiltrated data.
EDPB Report on Right to Erasure Enforcement
The European Data Protection Board (EDPB) has released a report detailing the outcomes of its Coordinated Enforcement Framework (CEF) action on the right to erasure under GDPR. The report identifies seven recurring challenges faced by controllers in implementing this right and offers recommendations for improvement.
FTC Finalizes Boeing-Spirit Acquisition Consent Order
The FTC has finalized a consent order regarding Boeing's acquisition of Spirit AeroSystems. The order requires Boeing to divest certain Spirit assets and continue supplying aerostructures to competing contractors for military aircraft programs. This action aims to protect competition in commercial and military aircraft markets.
ICO Upholds FOI Complaint Against DWP PIP Scoring
The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) complaint against the Department for Work and Pensions (DWP). The DWP failed to fully consider information requested by a complainant regarding changes to the Personal Independence Payment (PIP) scoring system.
ICO Upholds FOI Complaint Against Cheshire Constabulary
The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) complaint against Cheshire Constabulary. The ICO ruled that the constabulary cannot rely on a specific FOI exemption to withhold information related to the Lucy Letby case and must issue a fresh response.
ICO Decision Notice: Greater Manchester Combined Authority FOI Failure
The UK's Information Commissioner's Office (ICO) found that the Greater Manchester Combined Authority failed to comply with section 10(1) of the Freedom of Information Act (FOIA) regarding a request for information about the Voices of Resilience event. While all held information has now been disclosed, the authority admitted its initial searches were inadequate.
ICO upholds Barts Health NHS Trust FOI exemption
The UK's Information Commissioner's Office (ICO) has upheld Barts Health NHS Trust's decision to exempt certain information related to patient care from disclosure under the Freedom of Information Act (FOIA). The decision means the Trust does not have to confirm or deny if it holds specific details about a relative's medication and wider care.
ICO Decision: Home Office breached FOI on asylum seeker nationalities
The UK's Information Commissioner's Office (ICO) has ruled that the Home Office breached FOI section 10(1) by failing to disclose information regarding asylum seeker nationalities in a timely manner. The decision requires the Home Office to disclose the requested nationalities information.
ICO Decision on Withholding Land Contamination Report
The UK's Information Commissioner's Office (ICO) has issued a decision upholding Cheshire West and Chester Council's decision to withhold a land contamination report. The ICO found the information could be legitimately withheld under environmental information regulations.
ICO Decision Notice: Planning Request Manifestly Unreasonable
The ICO found a planning information request made to King's Lynn and West Norfolk Borough Council to be manifestly unreasonable under EIR regulation 12(4)(b). While the Council correctly identified the request as unreasonable, it cited the wrong legislation (FOIA instead of EIR). No further action is required.
ICO Upholds FOI Complaint Against Isle of Anglesey County Council
The ICO has upheld a Freedom of Information (FOI) complaint against Isle of Anglesey County Council for a delayed response. The council is now required to provide the complainant with a response within 30 calendar days.
ICO Decision Notice: Enfield Council FOI Breach
The UK's Information Commissioner's Office (ICO) issued a decision notice finding that the London Borough of Enfield breached Section 10 of the Freedom of Information Act (FOIA) by failing to respond promptly to a request for information. The council must now provide a substantive response.
ICO Decision Notice: Surrey Police FOI Cost Limit Refusal Upheld
The UK's Information Commissioner's Office (ICO) issued a decision notice regarding Surrey Police's handling of a Freedom of Information (FOI) request. The ICO upheld the police's refusal based on the cost limit but found they failed to provide adequate advice and assistance.
ICO upholds Planning Inspectorate refusal of information request
The UK's Information Commissioner's Office (ICO) has upheld the Planning Inspectorate's (PINS) refusal to disclose information related to a strategic housing site examination. The ICO found that PINS likely does not hold the requested information and therefore correctly applied an exemption.
ICO Decision Notice on NICIE FOI Complaint
The UK Information Commissioner's Office (ICO) has upheld a decision regarding a Freedom of Information (FOI) complaint against the Northern Ireland Council for Integrated Education (NICIE). The decision found that NICIE was entitled to rely on section 12 of the Freedom of Information Act (cost of compliance) to refuse part of a request.
ICO Decision Notice: Hastings & Rother Healthcare FOI Request
The ICO has issued a decision notice regarding a Freedom of Information (FOI) request made to Hastings & Rother Healthcare concerning their Triage process. The ICO upheld the Practice's decision to withhold certain information based on commercial interests and confirmed the Practice had provided all relevant information it held.