sanctions

A burlap pouch lies on top of various Euro banknotes. The visible denominations include 100, 200, and 500. The bills are colorful, each featuring different architectural designs. The pouch is small and textured, contrasting with the smooth, vibrant currency beneath it.

March 5, 2026

FC Barcelona faces €500,000 GDPR fine over biometric data processing violations

Spain’s data protection authority, the Agencia Española de Protección de Datos (AEPD), has imposed a €500,000 fine on Fútbol Club […]

A wooden gavel rests on a closed book, overlaid with the European Union flag featuring yellow stars on a blue background. The composition suggests themes of law and governance within the EU.

February 11, 2026

Court Confirms WhatsApp’s Right to Contest EDPB GDPR Fine Decision

The Court of Justice ruled WhatsApp can challenge the EDPB binding decision on GDPR violations, sending the case back for a full review.

December 12, 2025

EU Court Holds Websites Responsible for GDPR Compliance with User Content

The EU court ruled that websites hosting user content must actively protect user privacy and comply with GDPR, including for anonymous users, or face heavy fines.

October 29, 2025

Court of Appeal upholds GDPR fine against Grindr

Norwegian court upheld a major GDPR fine against Grindr for improper processing and sharing of sensitive and location data, stressing stricter requirements for consent, minimization and safeguards.

Close-up of overlapping Euro banknotes, featuring part of a 20 Euro note with the signature of Mario Draghi and a 50 Euro note showing an architectural arch. The 20 Euro note displays the EU flag with yellow stars and the year 2015. The notes' colors are blue and orange.

October 29, 2025

Dutch regulator fines Experian Netherlands €2.7M for unlawful data use

The Dutch regulator fined Experian Netherlands €2.7M for unlawfully collecting and processing personal data for credit assessments without proper transparency, lawful basis, or data subject rights.

A person wearing a light blue shirt is writing on white papers spread across a dark surface. They hold a pen in their right hand, focusing on the task. The background is softly blurred, emphasizing the writing activity.

October 29, 2025

NOYB files criminal complaint over Clearview AI’s GDPR violations

Criminal complaint in Austria seeks prosecution of Clearview AI for mass biometric data scraping after multiple EU GDPR fines and bans exposed enforcement limitations against a U.S. company.

A chocolate chip cookie with a bite taken out rests on a white background. Crumbs are scattered around, adding texture to the scene. The cookie is golden brown with visible chocolate chips, and its rough, crumbly texture is evident.

September 8, 2025

CNIL fines Google €325 million and SHEIN €150 million for cookie non-compliance

The CNIL fined Google (€325M) and SHEIN (€150M) for cookie and ad consent breaches, stressing free, informed consent and sanctioning covert tracking and cookie-wall practices.

Unmade bed with white sheets and pillows next to a large window. Outside, an urban cityscape with tall buildings and a variety of architectural styles is visible. The scene is bright, suggesting daytime, and the view captures a mix of modern and older structures.

September 2, 2025

Spains DPA fines hotels over scanning guest identity documents

AEPD fines Iberostar unit €70,000 for requiring full ID copies at booking; authority stresses GDPR data minimisation and that copies are unnecessary and risky for guest registration.

Airplane wing with a red tip against a clear blue sky. Below, there is an expanse of ocean meeting a sandy coastline, with some white clouds near the coast. The horizon divides the blues of the sky and sea, creating a serene aerial scene.

August 13, 2025

IMY reprimands Flightradar24 for unlawful handling of aircraft owners’ data

IMY reprimanded Flightradar24 for GDPR breaches after routinely demanding aircraft registration certificates, requiring improved erasure procedures and proportional identity verification.

July 23, 2025

McDonald’s in Poland Fined €3.6 million for Employee Data Exposure and Security Failures

Polish Data Protection Authority fined McDonald’s and its processor over €3.6 million for GDPR violations after employee data exposure due to poor security and oversight.

Several multicolored file folders are closely packed together on a shelf. They are filled with various documents, evident from the tabs and papers peeking out. The folders are organized in a slightly curved, staggered arrangement, creating a colorful and orderly display.

July 8, 2025

Irish DPA Publishes 2025 Case Studies

The Irish Data Protection Commission’s 2025 case studies reveal key trends in GDPR enforcement, with fines up to €1.2 million for breaches involving access requests, security failures, and transparency issues.

June 12, 2025

Swedish Court Uphelds GDPR Fine on Spotify for Data Processing Failures

Court upheld Spotify AB’s 5.2 million euros fine for failing to provide clear GDPR information and safeguards for personal data processing and transfers.

1 2 3 4 ›»

sanctions

Support GDPR buzz!

Get notified about news & resources