Hospital Fined €70k for Data Breach; FAQs on Public Tender Data Published

The Italian Data Protection Authority (Garante privacy) has fined a company managing a hospital €70,000 for the unauthorized disposal of a patient's tissue sample and failure to notify a data breach. The newsletter also announced new FAQs on data processing and transparency in public tenders.

Garante Privacy Fines Verisure Italia and Aimag for GDPR Violations

The Italian Data Protection Authority (Garante Privacy) has fined Verisure Italia €400,000 for unlawful marketing practices and Aimag for inadequate security measures. Both companies are ordered to cease unlawful data processing and comply with GDPR.

GDPR Fines for Employee Monitoring and Email Privacy

The Italian DPA has issued a €120,000 fine to an agricultural seed company for unlawfully monitoring employee driving habits via company vehicles. The newsletter also covers GDPR implications for accessing a dismissed employee's email and new tools against telemarketing.

EU Implementing Regulations and Decisions - February 2026

The EU Official Journal L series for February 9, 2026, includes several implementing regulations and decisions. These cover amendments to lists of third countries authorised for imports of fresh poultry meat, germinal products of equine animals, registration of geographical indications, and harmonised standards for construction products.

EU Official Journal L Series Daily View - February 10, 2026

The EU Official Journal L series for February 10, 2026, includes several new implementing and delegated regulations. These cover diverse areas such as mental health data, consumer product disclosure, rail transport interoperability, plant health, and anti-dumping measures on steel wires from China.

EU Official Journal C Series - February 10, 2026

The EU Official Journal C series for February 10, 2026, includes notices on State aid authorisations where no objections were raised, a non-opposition to a notified concentration, and communications from the Hungarian Ministry of Energy regarding hydrocarbon exploration and production authorisations.

EU Official Journal L Series Daily View - February 11, 2026

The EU Official Journal L series for February 11, 2026, has been published, including new regulations and implementing decisions. These cover various sectors such as securities supervision fees, greenhouse gas exemptions for semiconductor manufacturing, pesticide approvals, and animal health import requirements.

EU Legislation and Regulatory Notices - February 11, 2026

The EU Official Journal C series published several notices on February 11, 2026. These include communications on State aid, media service provider declarations under the European Media Freedom Act, renewable fuels in maritime transport, restrictive measures concerning Ukraine, and prior notifications of concentrations.

IMY Fines Trygg-Hansa SEK 35 Million for Data Exposure

The Swedish Authority for Privacy Protection (IMY) has issued an administrative fine of SEK 35 million against Trygg-Hansa. This action follows a data exposure incident where information for 650,000 customers was accessible to unauthorized persons via the internet for over two years.

Administrative Fine for Data Collection Without Security

The Swedish Privacy Protection Authority (IMY) has issued an administrative fine of SEK 100,000 against the Equality Ombudsman (DO) for insufficient security measures during personal data collection via a web form. The incident led to the inadvertent disclosure of approximately 500 tips and complaints.