Search

AI Act: Code of Practice on AI-Generated Content

The EU AI Office convened working groups and workshops to gather stakeholder feedback on a draft Code of Practice for marking and labelling AI-generated content under the AI Act. Discussions focused on disclosure obligations, marking techniques, and responsibilities across the AI value chain.

Spanish DPA Resolution on Voluntary Payment

The Spanish Data Protection Agency (AEPD) has issued a resolution initiating a sanctioning procedure against EMPRESA.1 for alleged data protection violations. The case involves a complaint regarding the improper acquisition and use of personal data for a contract. The resolution details the initial findings and the company's response.

ICO Fines Reddit £14.47m for Children's Privacy Failures

The UK's Information Commissioner's Office (ICO) has fined Reddit £14.47 million for failing to protect the personal information of children. The investigation found serious failures in age assurance, meaning Reddit unlawfully processed the data of children under 13.

GDPR Fines Issued for Google Analytics Use

The Swedish Authority for Privacy Protection (IMY) has fined two companies and ordered three others to stop using Google Analytics due to non-compliance with GDPR regarding personal data transfers to the US. Fines total 12.3 million SEK.

H&M Fined for GDPR Marketing Violations

The Swedish Agency for Privacy Protection (IMY) has fined H&M SEK 350,000 for violating GDPR. The company failed to properly handle requests from individuals wishing to opt out of direct marketing, making it unnecessarily difficult for them to exercise their rights.

AEPD Resolution on Rights Procedure and Labor Dispute

The Spanish Data Protection Agency (AEPD) has issued a resolution regarding a data rights procedure initiated on June 2, 2025. The case involves a former employee's claims against FENG SHENG SUSHI, S.L. concerning alleged falsification of a labor contract, denial of access to personal data, and improper use of banking information.

International Data Protection Authorities Joint Statement on AI Imagery Risks

Sixty-one international data protection authorities have issued a joint statement outlining privacy risks associated with AI-generated imagery. The statement addresses concerns about the creation of realistic images and videos of individuals without consent, particularly highlighting potential harms to children. It urges responsible AI development and deployment.

European AI Innovation Month Announced

The European Commission and the Irish Presidency of the Council have announced the European AI Innovation Month, a series of events scheduled from mid-October to mid-November 2026. The initiative aims to discuss and showcase AI development and deployment in Europe, culminating in the European Apply AI Summit.

Garante Privacy Sanctions eCampus, Rejects Pescara Body Cams

The Italian Data Protection Authority (Garante Privacy) has sanctioned the University eCampus with a €50,000 fine for unlawfully processing biometric data using facial recognition for online course attendance verification. Additionally, the Garante has prohibited the municipality of Pescara from using body cameras for local police due to risks of data transfer to non-EU countries.

EU Investigates Shein Under Digital Services Act

The European Commission has opened formal proceedings against Shein under the Digital Services Act. The investigation will focus on the sale of illegal products, addictive design features, and the transparency of recommender systems. This action follows concerns about potential violations of EU digital regulations.