Austria finds Microsoft illegally tracked students
Austrian regulator found Microsoft 365 Education illegally tracked students via cookies; Microsoft must grant data access and faces scrutiny over transparency and GDPR compliance.
DPA
Investigation reveals sale of precise phone movement data in Ireland
Undercover RTÉ reporting shows minute-by-minute smartphone location data for tens of thousands in Ireland is being sold, enabling re-identification and raising serious privacy and security concerns.
CNIL fines Google €325 million and SHEIN €150 million for cookie non-compliance
The CNIL fined Google (€325M) and SHEIN (€150M) for cookie and ad consent breaches, stressing free, informed consent and sanctioning covert tracking and cookie-wall practices.
Spains DPA fines hotels over scanning guest identity documents
AEPD fines Iberostar unit €70,000 for requiring full ID copies at booking; authority stresses GDPR data minimisation and that copies are unnecessary and risky for guest registration.
IMY reprimands Flightradar24 for unlawful handling of aircraft owners’ data
IMY reprimanded Flightradar24 for GDPR breaches after routinely demanding aircraft registration certificates, requiring improved erasure procedures and proportional identity verification.
Ireland’s DPA Launches Toolkit to Safeguard Vulnerable Adults’ Data
New DPC Adult Safeguarding Toolkit guides organisations on GDPR-compliant collection, storage and sharing of vulnerable adults’ personal data with practical templates and sector collaboration.
German court says Facebook fanpage owner not responsible for cookies on webpage
The Cologne court partially overturned the BfDI ban on the German Federal Government’s Facebook fan page, clarifying GDPR responsibilities for public authorities and Meta.
McDonald’s in Poland Fined €3.6 million for Employee Data Exposure and Security Failures
Polish Data Protection Authority fined McDonald’s and its processor over €3.6 million for GDPR violations after employee data exposure due to poor security and oversight.
DPC Opens GDPR Inquiry into TikTok’s Transfers of EEA Data to China
The DPC has launched an inquiry into TikTok’s transfer of EEA user data to China, focusing on GDPR compliance and the legality of cross-border data transfers.
Irish DPA Publishes 2025 Case Studies
The Irish Data Protection Commission’s 2025 case studies reveal key trends in GDPR enforcement, with fines up to €1.2 million for breaches involving access requests, security failures, and transparency issues.
CNIL Analysis Shows GDPR’s Economic Impact on Cybersecurity and Identity Theft Prevention
GDPR has significantly reduced cyber damages in the EU by encouraging better cybersecurity investments and lowering identity theft losses by up to €1.4 billion.
New Regulation to Strengthen GDPR Enforcement and Cross-Border Cooperation
The EU’s new Draft Regulation aims to speed up GDPR enforcement by improving cooperation between data protection authorities and setting clear investigation deadlines.