GDPR Fines for Employee Monitoring and Email Privacy

The Italian DPA has issued a €120,000 fine to an agricultural seed company for unlawfully monitoring employee driving habits via company vehicles. The newsletter also covers GDPR implications for accessing a dismissed employee's email and new tools against telemarketing.

EU Implementing Regulations and Decisions - February 2026

The EU Official Journal L series for February 9, 2026, includes several implementing regulations and decisions. These cover amendments to lists of third countries authorised for imports of fresh poultry meat, germinal products of equine animals, registration of geographical indications, and harmonised standards for construction products.

EU Official Journal L Series Daily View - February 10, 2026

The EU Official Journal L series for February 10, 2026, includes several new implementing and delegated regulations. These cover diverse areas such as mental health data, consumer product disclosure, rail transport interoperability, plant health, and anti-dumping measures on steel wires from China.

EU Official Journal C Series - February 10, 2026

The EU Official Journal C series for February 10, 2026, includes notices on State aid authorisations where no objections were raised, a non-opposition to a notified concentration, and communications from the Hungarian Ministry of Energy regarding hydrocarbon exploration and production authorisations.

EU Official Journal L Series Daily View - February 11, 2026

The EU Official Journal L series for February 11, 2026, has been published, including new regulations and implementing decisions. These cover various sectors such as securities supervision fees, greenhouse gas exemptions for semiconductor manufacturing, pesticide approvals, and animal health import requirements.

EU Legislation and Regulatory Notices - February 11, 2026

The EU Official Journal C series published several notices on February 11, 2026. These include communications on State aid, media service provider declarations under the European Media Freedom Act, renewable fuels in maritime transport, restrictive measures concerning Ukraine, and prior notifications of concentrations.

IMY Fines Trygg-Hansa SEK 35 Million for Data Exposure

The Swedish Authority for Privacy Protection (IMY) has issued an administrative fine of SEK 35 million against Trygg-Hansa. This action follows a data exposure incident where information for 650,000 customers was accessible to unauthorized persons via the internet for over two years.

Administrative Fine for Data Collection Without Security

The Swedish Privacy Protection Authority (IMY) has issued an administrative fine of SEK 100,000 against the Equality Ombudsman (DO) for insufficient security measures during personal data collection via a web form. The incident led to the inadvertent disclosure of approximately 500 tips and complaints.

GDPR Breach Fines for SL Group Companies

The Swedish Authority for Privacy Protection (IMY) has issued administrative fines of SEK 75,000 each to Aktiebolaget Storstockholms Lokaltrafik (SL) and Waxholms Ångfartygs AB (WÅAB). The fines were imposed for processing personal data related to employee sobriety tests in breach of the GDPR, specifically regarding excessive data storage and handling of potentially sensitive health data.

Apoteket and Apohem Fined for GDPR Violations

The Swedish Authority for Privacy Protection (IMY) has fined Apoteket AB SEK 37 million and Apohem AB SEK 8 million for GDPR violations. The companies improperly transferred sensitive personal data to Meta via the Meta Pixel tool, failing to implement adequate protective measures.