Irish DPA Publishes 2025 Case Studies
The Irish Data Protection Commission’s 2025 case studies reveal key trends in GDPR enforcement, with fines up to €1.2 million for breaches involving access requests, security failures, and transparency issues.
transparency
Meta AI App Shares Private User Conversations Publicly Without Consent
Meta’s AI app exposes users’ private conversations publicly without clear consent, raising serious GDPR privacy and data protection concerns.
Swedish Court Uphelds GDPR Fine on Spotify for Data Processing Failures
Court upheld Spotify AB’s 5.2 million euros fine for failing to provide clear GDPR information and safeguards for personal data processing and transfers.
Italian Authority Fined Luka Inc. €5 Million for GDPR Violations in Replika Chatbot
Italian Supervisory Authority fined Luka Inc. €5 million for GDPR violations related to Replika chatbot’s data processing, transparency, and age verification failures.
EDPB’s CSC Releases Biannual Activity Report
The CSC’s report highlights its role in supervising EU IT systems, issuing transparency recommendations, and preparing for future expansions to ensure data protection.
Netflix Fined €4.75 Million for Insufficient Transparency
The Dutch DPA fines Netflix €4.75 million for inadequate customer information on personal data handling, violating GDPR regulations.
WhatsApp Appeals €225 Million GDPR Fine to EU’s Top Court
WhatsApp appeals a €225 million fine at the CJEU, challenging the EDPB’s decision over alleged GDPR violations related to user data transparency.
Belgian DPA publishes guidance on interplay between GDPR and AI Act
The Belgian DPA’s guidance clarifies the compliance of AI systems with GDPR, emphasizing the role of Data Protection Officers and the need for transparency and human oversight.
French Data Protection Authority (CNIL) Gains New Powers
France’s law No. 2024-449 enhances the CNIL’s enforcement powers, enabling document seizure and oversight of digital service regulations.
GPEN Sweep 2024 Report on Deceptive Design Patterns Published
The GPEN Sweep 2024 report highlights the prevalence of deceptive design patterns in websites and apps, urging stricter enforcement of data protection laws and more transparent design practices.
Court reduces Spotify GDPR fine to 4 Million Euros
The Administrative Court reduced Spotify AB’s GDPR sanction to 40 million euros.
noyb Files GDPR Complaint Against Google’s Privacy Sandbox
noyb files GDPR complaint against Google’s Privacy Sandbox for misleading users with hidden tracking features, raising concerns about transparency and user consent in data privacy.