The Italian Supervisory Authority (Garante) has ordered Amazon Italia Logistica S.r.l. to immediately cease certain employee data processing activities affecting more than 1,800 workers, citing serious violations of the General...
In a case of non-cooperation, the Romanian data protection authority ANSPDCP imposed a fine of 2,000 euros on a dental clinic. The case began when the clinic itself reported a data breach to the authority.
A company received a data access request under GDPR Article 15. The data subject received a 15-page document labeled as a data privacy disclosure. At the same time the company confirmed that the data subject’s personal data...
The Spanish supervisory authority Agencia española protección datos (AEPD) imposed several fines on a pharmacy in Catalonia. The pharmacy had accessed the health data of nursing home residents without legal basis...
Hamburg sets a precedent for automated decisions. A company in Hamburg was fined ( 492,000 EURO ) for rejecting credit applications through fully automated algorithms without proper explanation or human review.
The UK Information Commissioner's Office (ICO) has fined the service provider Capita £14 million. The reason: inadequate security measures, which led to a massive hacker attack in March 2023.
The European Data Protection Board has published guidelines on the interaction of the Digital Services Act (DSA) and the General Data Protection Regulation (GDPR) on 12 September 2025.
The importance of complying with cookie consent requirements under the GDPR and ePrivacy Directive was also emphasized upon by other national authorities. On September 1st 2025, France’s data protection authority (CNIL) fined...
A German court ruled in March 2025 that cookie consent banners must present a “Reject All” button as clearly and prominently as “Accept All” – and this applies to any website targeting users in the EU, regardless of where the company is based.
