EU General Court Upholds EU‑US Data Privacy Framework
Eu court dismissed Latombe’s annulment of the EU‑US Data Privacy Framework, allowing data transfers to continue while advocates signal likely further legal challenges.
data
Hundreds of thousands of Grok chats found in search results
Searchable links to Grok chat transcripts have exposed hundreds of thousands of user conversations, raising serious GDPR and privacy concerns about shared AI chats.
AI browsers leak personal data
Study finds major AI browser assistants transmit sensitive personal data, likely breaching GDPR and requiring stronger consent, transparency, and technical safeguards.
Spains DPA fines hotels over scanning guest identity documents
AEPD fines Iberostar unit €70,000 for requiring full ID copies at booking; authority stresses GDPR data minimisation and that copies are unnecessary and risky for guest registration.
Ireland’s DPA Launches Toolkit to Safeguard Vulnerable Adults’ Data
New DPC Adult Safeguarding Toolkit guides organisations on GDPR-compliant collection, storage and sharing of vulnerable adults’ personal data with practical templates and sector collaboration.
German Court Restricts Police Use of Spyware
German high court restricts law enforcement use of spyware to cases with at least a three-year maximum sentence, citing severe interference with fundamental rights.
EDPB announces forthcoming unified GDPR breach reporting form
EDPB will publish an EU-wide GDPR breach notification template to standardize reporting, aid cross-border compliance, and support accompanying guidance and tools.
Microsoft Admits U.S. Access Risk to EU Citizen Data
Microsoft France admits it cannot guarantee French citizen data in EU datacenters is fully protected from U.S. government access, highlighting digital sovereignty challenges.
DPC Opens GDPR Inquiry into TikTok’s Transfers of EEA Data to China
The DPC has launched an inquiry into TikTok’s transfer of EEA user data to China, focusing on GDPR compliance and the legality of cross-border data transfers.
Germany’s Data Watchdog Calls for DeepSeek Ban
Germany’s data watchdog accuses DeepSeek of unlawful data transfers to China, prompting potential EU-wide app bans under GDPR rules.
Commission Officially Extends EU-UK Data Adequacy Decisions by Six Months
The EU Commission extended data adequacy decisions with the UK by six months to assess the new UK Data Bill while ensuring uninterrupted cross-border data flow.
Data Protection Commission Issues €550,000 Fine Over DSP Biometric Data Use
The DPC fined the Department of Social Protection €550,000 for GDPR violations related to biometric data processing in Public Services Card registration.