France’s privacy regulator (CNIL) has sanctioned France Travail and fined the company €5 million over a breach that occurred in the first quarter of 2024. The regulator concluded that the agency failed to put in place security measures commensurate with the risks involved in processing highly sensitive personal data.
Nike is investigating a potential cybersecurity incident after a cybercrime group claimed it had stolen data from the company’s systems, according to multiple cybersecurity and media reports.
Sweden’s privacy regulator has fined Sportadmin roughly $560,000 (SEK 6 million) after concluding that the company failed to implement adequate IT security measures ahead of a major cyberattack that exposed personal data on more than 2.1 million people.
France’s data protection authority, the CNIL, has imposed a €3.5 million fine on a company for unlawfully using the personal data of its loyalty program members to fuel targeted advertising on a social network. The sanction, adopted on 30 December 2025 and announced publicly on 22 January 2026, stems from long-running practices that the regulator says breached core principles of EU data protection law and affected more than 10.5 million people.
The European Commission has unveiled a new package of measures aimed at strengthening the European Union’s cybersecurity resilience, as cyber and hybrid threats increasingly target essential services, businesses, and democratic institutions across the bloc.
The Cyprus Securities and Exchange Commission has issued guidance to regulated entities so that Europe’s new digital resilience regime is no longer an abstract compliance exercise. In a circular published on 19 January 2026, the regulator signaled growing concern that some firms are still struggling with the basics of the Digital Operational Resilience Act (DORA), particularly when it comes to incident reporting, ICT governance, and regulatory submissions.
The Dutch data protection watchdog is urging lawmakers to slow down and look closely at the real-world impact of sweeping new anti-money laundering rules, warning that a major expansion of financial surveillance can only be justified if it is proven to work and if people’s privacy is meaningfully protected.