Search

ICO Decision Notice: Bradford Council Disclosure of School Preference Data

The ICO has issued a decision notice against Bradford Council regarding the disclosure of school preference data. The Council must disclose redacted spreadsheets containing no personal data to the complainant within 30 days, as they incorrectly withheld some information under FOIA section 40(2).

ICO Decision on Ambulance Trust FOI Request

The UK's Information Commissioner's Office (ICO) issued a decision regarding a Freedom of Information (FOI) request made to the South East Coast Ambulance Service NHS Foundation Trust. The ICO found that the requested report into an internal investigation was exempt from disclosure under section 41 of the FOI Act.

ICO Decision Notice: Ministry of Defence FOIA Breach

The UK's Information Commissioner's Office (ICO) has issued a decision notice finding the Ministry of Defence breached Section 10 of the Freedom of Information Act (FOIA) by failing to respond to a request within 20 working days. The Ministry of Defence is required to provide a substantive response.

AEPD Rejects TALENTO MOTOR S.L. Appeal

The Spanish Data Protection Agency (AEPD) has rejected an appeal filed by TALENTO MOTOR S.L. against a prior resolution. The appeal was deemed inadmissible due to being filed outside the legal time limit. This decision upholds the original resolution from November 23, 2025.

ICO Commissioner's Speech on Data Protection and ICO Governance

The UK Information Commissioner, John Edwards, delivered a speech reflecting on his tenure and the ICO's adaptation to data protection changes, including the upcoming Data (Use and Access) Act and new governance structure. The speech highlighted the ICO's efforts to provide clarity and certainty amidst evolving technological and legal landscapes.

Spanish DPA Resolution on Voluntary Payment

The Spanish Data Protection Agency (AEPD) has issued a resolution initiating a sanctioning procedure against EMPRESA.1 for alleged data protection violations. The case involves a complaint regarding the improper acquisition and use of personal data for a contract. The resolution details the initial findings and the company's response.

ICO Fines Reddit £14.47m for Children's Privacy Failures

The UK's Information Commissioner's Office (ICO) has fined Reddit £14.47 million for failing to protect the personal information of children. The investigation found serious failures in age assurance, meaning Reddit unlawfully processed the data of children under 13.

H&M Fined for GDPR Marketing Violations

The Swedish Agency for Privacy Protection (IMY) has fined H&M SEK 350,000 for violating GDPR. The company failed to properly handle requests from individuals wishing to opt out of direct marketing, making it unnecessarily difficult for them to exercise their rights.

GDPR Fines Issued for Google Analytics Use

The Swedish Authority for Privacy Protection (IMY) has fined two companies and ordered three others to stop using Google Analytics due to non-compliance with GDPR regarding personal data transfers to the US. Fines total 12.3 million SEK.

AEPD Resolution on Rights Procedure and Labor Dispute

The Spanish Data Protection Agency (AEPD) has issued a resolution regarding a data rights procedure initiated on June 2, 2025. The case involves a former employee's claims against FENG SHENG SUSHI, S.L. concerning alleged falsification of a labor contract, denial of access to personal data, and improper use of banking information.