EU data protection

EU data protection

Passwd is designed specifically for organizations operating within Google Workspace. Rather than competing as a general consumer password manager, its purpose is narrow, and business-focused: secure credential storage, controlled sharing, and seamless Workspace integration. The platform emphasizes practicality over feature overload, aiming to provide a reliable system for teams that already rely on Google's tools. Security as the starting point

The EU has extended its adequacy decision, allowing data sharing with and from the UK under the General Data Protection Regulation for at least six more years. This will be some relief to techies in the UK and the member state block and beyond whose work or product set depends on the frictionless movement of data between the two, especially as they can point to the 2031 expiration date as a risk managing aspect to backers and partners. But the move does have its critics.

An internet privacy group is accusing TikTok of violating international law by tracking its users' Grindr data. European digital rights group NOYB filed a complaint against the social media platform, as well as Grindr and digital marketing company AppsFlyer, over claims they breached online privacy laws by tracking user's inter-app activities. The Austria-based organisation alleged to the country's Data Protection Authority on Wednesday (16 December) that TikTok was violating the EU's General Data Protection Regulation (GDPR) and risked exposing its customer's sensitive data.

mounting operational issues

The groups cite a "high volume" of data errors linked to the eVisa scheme, which they say amount to both operational failures and serious data protection breaches. In one documented case referenced in the letter, the passport details, contact information, and immigration status of a Canadian citizen were wrongly disclosed to a Russian woman. Other failures have seen migrants locked out of their eVisa accounts, with no effective support from the Home Office and no clear way to escalate urgent issues.

"We know frontline staff want to get this right but are struggling with lack of resource and guidance. Improving this process starts at the beginning - when a child enters the care system, their information should be recorded with their rights in mind, knowing that they may request it later," he said in a statement.

The explosive growth in AI usage represents the single greatest operational threat to organizations, putting intellectual property (IP) and customer data at serious risk. While AI adoption is growing rapidly, enterprises are increasingly exposed to risks related to data security, third‑party AI tools, shadow AI usage, and governance issues. When sensitive IP or Personally Identifiable Information (PII) is entered into unsanctioned AI systems, the data may be used for model training, stored externally, or exposed in unexpected ways, leading to compliance, IP, and reputational risk.

Britain's data protection regulator issued 17 preliminary enforcement notices and sent warning letters to hundreds of website operators throughout 2025, a pressure campaign that brought 979 of the UK's top 1,000 websites into compliance with cookie consent rules and gave an estimated 40 million people-roughly 80% of UK internet users over age 14-greater control over how they are tracked for personalized advertising.

After a years-long battle, the European Commission's "Chat Control" plan, which would mandate mass scanning and other encryption-breaking measures, at last codifies agreement on a position within the Council of the EU, representing EU States. The good news is that the most controversial part, the forced requirement to scan encrypted messages, is out. The bad news is there's more to it than that.

Germany is evaluating Apple's proposed changes to address antitrust concerns over App Tracking Transparency (ATT), reports . Apple will add neutral consent prompts for its own services and for third-party apps, aligning the wording, content, and visual design of the messages. Apple also plans to simplify the consent process to make it easier for developers to get user permission for ad-related data processing.

From a consumer perspective, knowing that if something is made in Europe, there will not be arsenic in it, there's that trust that is important,

OVH has a Canadian arm, which was the jumping-off point for the courts, but OVH Group is a French company, so the data in France should be protected from prying eyes. Or perhaps not. Rather than using established Mutual Legal Assistance Treaties (MLAT) between Canada and France, the RCMP sought direct disclosure through OVH's Canadian subsidiary. This puts OVH in an impossible position. French law prohibits such data sharing outside official treaties, with penalties up to €90,000 and six months imprisonment.

"serious indications that indeed Shein may be posing more systemic risks for our consumers across the entire European Union,"

Join over 200 experts from across Europe for a compelling three-day forum dedicated to the evolving intersection of health data, artificial intelligence, and privacy in the life sciences and healthcare sectors.

Their demand lands amid fierce criticism of the regulator's decision not to formally investigate the Ministry of Defence over what has been described as the most serious data breach in British history: the leaking of a spreadsheet revealing the identities and locations of more than 19,000 Afghans fleeing the Taliban. Information Commissioner John Edwards defended his stance at a DSIT-hosted hearing last month, insisting the incident was a "one-off" error rather than evidence of systemic non-compliance inside the MoD.

A "discriminatory" artificial intelligence (AI) model used by Sweden's social security agency to flag people for benefit fraud investigations has been suspended, following an intervention by the country's Data Protection Authority (IMY). Starting in June 2025, IMY's involvement was prompted after a joint investigation from Lighthouse Reports and Svenska Dagbladet (SvB) revealed in November 2024 that a machine learning (ML) system being used by Försäkringskassan, Sweden's Social Insurance Agency was disproportionally and wrongly flagging certain groups for further investigation over social benefits fraud.

Axeptio introduces video as the centerpiece of its Consent Management Platform (CMP), transforming the traditional cookie banner into an immersive, multi-sensory, and fully customisable brand experience. By placing storytelling at the core of consent, Axeptio breaks away from "consent fatigue" and reimagines compliance as a new growth lever. What was once a regulatory obligation has now become a stage: a new communication channel where brands can engage audiences, build trust, and convert attention into performance.

A coalition of reporters obtained the dataset, offered as a free sample from a data broker, containing 278 million location data points from the phones of millions of people around Belgium. Much of the location data is uploaded by ordinary apps installed on a person's phones, which is sold to data brokers. Those data brokers then sell that data to governments and militaries.

Lots of companies are announcing AI this and AI that, but few of them offer more than new AI lipstick on an old pig when you look at them closely. Then, there's what SUSE is doing with its release of SUSE Linux Enterprise Server 16 (SLES 16), available today. This new version is positioned as an AI-ready operating system tailored to the demands of today's hybrid cloud, data center, and edge computing environments.