Search

CNPD Workshop on DAAZ Diploma Ceremony

The CNPD is hosting a workshop and DAAZ diploma ceremony on April 29, 2026, in Luxembourg. The event aims to provide feedback on a previous workshop and recognize participants' achievements in the DAAZ tool.

CNPD AI Data Protection Training Session

The CNPD is offering a 4-hour in-person training session on Data Protection Basics: Artificial Intelligence. The training aims to help participants understand the challenges of AI concerning data protection and the GDPR, and is scheduled for May 5, 2026.

Data Protection Authority Fines iHUNT TECHNOLOGY for Privacy Violations

The National Supervisory Authority for Personal Data Processing in Romania has fined S.C. iHUNT TECHNOLOGY IMPORT-EXPORT SA 20,000 lei for violating data protection laws regarding cookie consent. The investigation found that the company stored non-essential cookies without user consent.

GDPR Sanction for Ordonul Asistenților Medicali Neamț

The National Supervisory Authority for Personal Data Processing in Romania sanctioned Ordonul Asistenților Medicali Generaliști, Moașelor și Asistenților Medicali din România – Filiala Neamț for GDPR violations. The entity received a fine of 2,000 euros and two reprimands for issues related to video surveillance and data subject information.

GDPR Sanction for Roumasport S.R.L.

The National Supervisory Authority for Personal Data Processing in Romania has sanctioned Roumasport S.R.L. with a fine of 10,000 euros for violating GDPR provisions related to data security. The investigation followed a personal data security breach due to unauthorized access following cyberattacks.

CJEU Judgment: Online Marketplace Operator as Data Controller

The Court of Justice of the European Union ruled in Case C-492/23 that an online marketplace operator is a data controller under GDPR. The operator must identify and verify sensitive data in advertisements before publication and obtain explicit consent.

National Supervisory Authority Fines Lenjeria Magică SRL for Data Processing Violation

The National Supervisory Authority for Personal Data Processing in Romania has fined Lenjeria Magică SRL 15,000 lei for violating data processing laws related to website cookies. The company stored non-essential cookies without explicit user consent, breaching provisions of Law no. 506/2004 and Regulation (EU) 2016/679.

Garante Privacy Fines Acea Energia €2 Million for Unauthorized Contracts

The Italian Garante privacy has fined Acea Energia spa €2 million for significant violations of personal data protection laws. The company was found to have used inaccurate customer data to activate over 1,200 unsolicited energy contracts through door-to-door agents.

Italian Privacy Authority Fines Intesa Sanpaolo €17.6 Million

The Italian Privacy Authority has fined Intesa Sanpaolo €17.6 million for unlawfully processing the data of approximately 2.4 million customers. The fine stems from the transfer of customer data to its wholly-owned subsidiary, Isybank, as part of a corporate operation.

Italian DPA Newsletter: Aldilapp Fine, Camera Rules, Delegation Platform, AI Concerns

The Italian Data Protection Authority (Garante) issued a newsletter on March 9, 2026, detailing several key actions. It includes a fine against Aldilapp for digital cemetery services, new rules for non-compliant cameras, approval for a delegation management platform, and global data protection authorities' concerns about AI-generated intimate content.