Spains DPA fines hotels over scanning guest identity documents
AEPD fines Iberostar unit €70,000 for requiring full ID copies at booking; authority stresses GDPR data minimisation and that copies are unnecessary and risky for guest registration.
DPA
IMY reprimands Flightradar24 for unlawful handling of aircraft owners’ data
IMY reprimanded Flightradar24 for GDPR breaches after routinely demanding aircraft registration certificates, requiring improved erasure procedures and proportional identity verification.
Ireland’s DPA Launches Toolkit to Safeguard Vulnerable Adults’ Data
New DPC Adult Safeguarding Toolkit guides organisations on GDPR-compliant collection, storage and sharing of vulnerable adults’ personal data with practical templates and sector collaboration.
German court says Facebook fanpage owner not responsible for cookies on webpage
The Cologne court partially overturned the BfDI ban on the German Federal Government’s Facebook fan page, clarifying GDPR responsibilities for public authorities and Meta.
McDonald’s in Poland Fined €3.6 million for Employee Data Exposure and Security Failures
Polish Data Protection Authority fined McDonald’s and its processor over €3.6 million for GDPR violations after employee data exposure due to poor security and oversight.
DPC Opens GDPR Inquiry into TikTok’s Transfers of EEA Data to China
The DPC has launched an inquiry into TikTok’s transfer of EEA user data to China, focusing on GDPR compliance and the legality of cross-border data transfers.
Irish DPA Publishes 2025 Case Studies
The Irish Data Protection Commission’s 2025 case studies reveal key trends in GDPR enforcement, with fines up to €1.2 million for breaches involving access requests, security failures, and transparency issues.
CNIL Analysis Shows GDPR’s Economic Impact on Cybersecurity and Identity Theft Prevention
GDPR has significantly reduced cyber damages in the EU by encouraging better cybersecurity investments and lowering identity theft losses by up to €1.4 billion.
New Regulation to Strengthen GDPR Enforcement and Cross-Border Cooperation
The EU’s new Draft Regulation aims to speed up GDPR enforcement by improving cooperation between data protection authorities and setting clear investigation deadlines.
Data Protection Commission Issues €550,000 Fine Over DSP Biometric Data Use
The DPC fined the Department of Social Protection €550,000 for GDPR violations related to biometric data processing in Public Services Card registration.
Court Temporary Pauses Order to Suspend TikTok’s Data Transfers to China
The High Court granted TikTok a stay on the DPC’s data transfer suspension to China until October while the full legal challenge, including a €530 million fine, is considered.
TikTok Appeals Data Transfer Suspension to China After GDPR Fine in Ireland
TikTok seeks to halt an Irish court-ordered suspension of data transfers to China following a €530 million GDPR fine by the Data Protection Commission.