The EDPB will coordinate an EU-wide enforcement action on GDPR transparency and information obligations, with national DPAs participating voluntarily and the action launching in 2026.
Austrian regulator found Microsoft 365 Education illegally tracked students via cookies; Microsoft must grant data access and faces scrutiny over transparency and GDPR compliance.
The Irish Data Protection Commission’s 2025 case studies reveal key trends in GDPR enforcement, with fines up to €1.2 million for breaches involving access requests, security failures, and transparency issues.
Meta’s AI app exposes users’ private conversations publicly without clear consent, raising serious GDPR privacy and data protection concerns.
Court upheld Spotify AB’s 5.2 million euros fine for failing to provide clear GDPR information and safeguards for personal data processing and transfers.
Italian Supervisory Authority fined Luka Inc. €5 million for GDPR violations related to Replika chatbot’s data processing, transparency, and age verification failures.
The CSC’s report highlights its role in supervising EU IT systems, issuing transparency recommendations, and preparing for future expansions to ensure data protection.
The Dutch DPA fines Netflix €4.75 million for inadequate customer information on personal data handling, violating GDPR regulations.
WhatsApp appeals a €225 million fine at the CJEU, challenging the EDPB’s decision over alleged GDPR violations related to user data transparency.
The Belgian DPA’s guidance clarifies the compliance of AI systems with GDPR, emphasizing the role of Data Protection Officers and the need for transparency and human oversight.
France’s law No. 2024-449 enhances the CNIL’s enforcement powers, enabling document seizure and oversight of digital service regulations.
The GPEN Sweep 2024 report highlights the prevalence of deceptive design patterns in websites and apps, urging stricter enforcement of data protection laws and more transparent design practices.