EU data protection

EU data protection

If your partner in Munich mishandles customer data, or your reseller in Paris uses a "black box" AI tool to generate deceptive ads, it isn't just their reputation on the line. It's yours. With the EU AI Act now in full swing and GDPR entering its "mature enforcement" era, the distance between a partner's mistake and your company's $20 million fine has never been shorter.

digitalAudience today (13th January, 2026) announced the acquisition of Rayn.io, an AI-native audience intelligence platform recognised on the AI LUMAscape by LUMA Partners. The acquisition strengthens digitalAudience's data and identity infrastructure and supports its long-term strategy to deliver privacy-safe audience intelligence across European markets. Rayn.io has developed an AI-first technology focused on real-time audience intelligence and web-level signal analysis, designed to operate within the strict European privacy regulations.

"In light of the recent controversies relating to Grok, I have written directly to X to request a meeting to discuss what steps the platform is taking to address these issues and to ensure compliance with Irish and EU law. I have also been in contact with Coimisiún na Meán and with the Office of the Attorney General to seek updates on how this matter is being assessed from a legal and regulatory perspective."

Passwd is designed specifically for organizations operating within Google Workspace. Rather than competing as a general consumer password manager, its purpose is narrow, and business-focused: secure credential storage, controlled sharing, and seamless Workspace integration. The platform emphasizes practicality over feature overload, aiming to provide a reliable system for teams that already rely on Google's tools. Security as the starting point

The EU has extended its adequacy decision, allowing data sharing with and from the UK under the General Data Protection Regulation for at least six more years. This will be some relief to techies in the UK and the member state block and beyond whose work or product set depends on the frictionless movement of data between the two, especially as they can point to the 2031 expiration date as a risk managing aspect to backers and partners. But the move does have its critics.

mounting operational issues

The groups cite a "high volume" of data errors linked to the eVisa scheme, which they say amount to both operational failures and serious data protection breaches. In one documented case referenced in the letter, the passport details, contact information, and immigration status of a Canadian citizen were wrongly disclosed to a Russian woman. Other failures have seen migrants locked out of their eVisa accounts, with no effective support from the Home Office and no clear way to escalate urgent issues.

"We know frontline staff want to get this right but are struggling with lack of resource and guidance. Improving this process starts at the beginning - when a child enters the care system, their information should be recorded with their rights in mind, knowing that they may request it later," he said in a statement.

The explosive growth in AI usage represents the single greatest operational threat to organizations, putting intellectual property (IP) and customer data at serious risk. While AI adoption is growing rapidly, enterprises are increasingly exposed to risks related to data security, third‑party AI tools, shadow AI usage, and governance issues. When sensitive IP or Personally Identifiable Information (PII) is entered into unsanctioned AI systems, the data may be used for model training, stored externally, or exposed in unexpected ways, leading to compliance, IP, and reputational risk.

Britain's data protection regulator issued 17 preliminary enforcement notices and sent warning letters to hundreds of website operators throughout 2025, a pressure campaign that brought 979 of the UK's top 1,000 websites into compliance with cookie consent rules and gave an estimated 40 million people-roughly 80% of UK internet users over age 14-greater control over how they are tracked for personalized advertising.

After a years-long battle, the European Commission's "Chat Control" plan, which would mandate mass scanning and other encryption-breaking measures, at last codifies agreement on a position within the Council of the EU, representing EU States. The good news is that the most controversial part, the forced requirement to scan encrypted messages, is out. The bad news is there's more to it than that.

Germany is evaluating Apple's proposed changes to address antitrust concerns over App Tracking Transparency (ATT), reports . Apple will add neutral consent prompts for its own services and for third-party apps, aligning the wording, content, and visual design of the messages. Apple also plans to simplify the consent process to make it easier for developers to get user permission for ad-related data processing.

From a consumer perspective, knowing that if something is made in Europe, there will not be arsenic in it, there's that trust that is important,

OVH has a Canadian arm, which was the jumping-off point for the courts, but OVH Group is a French company, so the data in France should be protected from prying eyes. Or perhaps not. Rather than using established Mutual Legal Assistance Treaties (MLAT) between Canada and France, the RCMP sought direct disclosure through OVH's Canadian subsidiary. This puts OVH in an impossible position. French law prohibits such data sharing outside official treaties, with penalties up to €90,000 and six months imprisonment.

"serious indications that indeed Shein may be posing more systemic risks for our consumers across the entire European Union,"

Join over 200 experts from across Europe for a compelling three-day forum dedicated to the evolving intersection of health data, artificial intelligence, and privacy in the life sciences and healthcare sectors.

Their demand lands amid fierce criticism of the regulator's decision not to formally investigate the Ministry of Defence over what has been described as the most serious data breach in British history: the leaking of a spreadsheet revealing the identities and locations of more than 19,000 Afghans fleeing the Taliban. Information Commissioner John Edwards defended his stance at a DSIT-hosted hearing last month, insisting the incident was a "one-off" error rather than evidence of systemic non-compliance inside the MoD.

A "discriminatory" artificial intelligence (AI) model used by Sweden's social security agency to flag people for benefit fraud investigations has been suspended, following an intervention by the country's Data Protection Authority (IMY). Starting in June 2025, IMY's involvement was prompted after a joint investigation from Lighthouse Reports and Svenska Dagbladet (SvB) revealed in November 2024 that a machine learning (ML) system being used by Försäkringskassan, Sweden's Social Insurance Agency was disproportionally and wrongly flagging certain groups for further investigation over social benefits fraud.

Axeptio introduces video as the centerpiece of its Consent Management Platform (CMP), transforming the traditional cookie banner into an immersive, multi-sensory, and fully customisable brand experience. By placing storytelling at the core of consent, Axeptio breaks away from "consent fatigue" and reimagines compliance as a new growth lever. What was once a regulatory obligation has now become a stage: a new communication channel where brands can engage audiences, build trust, and convert attention into performance.