GDPR
-
Startup Delve accused of supplying fake compliance evidence to customers
An anonymous Substack post accuses Delve of supplying fabricated compliance evidence to hundreds of customers, potentially exposing them to HIPAA criminal liability and GDPR fines. The company posted a blog response calling its product an automation platform.
-
GDPR fines pass £1 billion as daily breach reports top 400
Europe’s GDPR fines topped £1 billion in 2025 and authorities recorded an average of 443 breach notifications a day, a 22 percent rise and the first time daily reports passed 400 since GDPR took effect.
-
France fines Free and Free Mobile €42 million after breach exposed 24.6 million records
CNIL imposed a collective €42 million fine on Free and Free Mobile after an October 2024 breach exposed 24,633,469 customer records including IBANs. The decision cited weak VPN authentication, ineffective detection and poor data retention controls.
-
Italy fines Apple €98.6 million over App Tracking Transparency practices
Italy’s competition authority fined Apple €98.6 million, saying App Tracking Transparency exempted Apple apps and forced developers into a burdensome double-consent process; Apple plans to appeal.
-
Global privacy laws strengthen rights but enforcement and outcomes remain uneven
A 35-year review by researchers at Dakota State University finds that global privacy laws have expanded rights and obligations but enforcement and measurable reductions in harm are uneven; the study highlights uneven fines and compliance rates, growing technology-driven pressures, cross-border uncertainty and the need for metrics to track outcomes.
-
Swedish privacy authority opens probe after Miljödata cyberattack that exposed up to 1.5 million people
Sweden’s privacy authority is investigating a cyberattack on Miljödata that exposed data tied to up to 1.5 million people. The breach disrupted municipal services, was posted on the dark web by the Datacarry group, and appears in Have I Been Pwned with roughly 870,000 affected records; IMY has prioritised probes of Miljödata and several municipalities.
-
Dutch regulator fines Experian Netherlands EUR 2.7 million for GDPR violations
The Dutch Data Protection Authority fined Experian Netherlands EUR 2.7 million for multiple GDPR violations after finding the company collected and used personal data from public and private sources without informing individuals, the regulator said.
-
Analysis says Unitree G1 humanoid robot can be used for espionage and cyber attacks
Alias Robotics says its analysis found Unitree G1 humanoid robots can be taken over via a Bluetooth provisioning flaw, use weak, shared encryption for configuration files, and continuously transmit sensor and telemetry data to servers in China, creating risks for covert surveillance and network attacks.
-
Adobe says Analytics ingestion bug caused some customers’ data to appear in other tenants
Adobe said an ingestion bug in Analytics Edge caused some organisations’ data to appear in other customers’ analytics instances between Sept. 17 and Sept. 18, 2025; Adobe is cleaning impacted datasets and a customer advisory seen by BleepingComputer instructs deletion of affected data and backups.
-
France fines Google €325 million and Shein €150 million for cookie violations, CNIL says
France’s CNIL fined Google €325 million and Shein €150 million for cookie-consent violations, ordering compliance within six months, as U.S. authorities push parallel privacy actions and other firms face related penalties.
