Norway's Borgarting Court of Appeal has upheld the $6 million (NOK 65 million) fine against Grindr, ruling that the company unlawfully shared users’ personal data with advertisers without valid consent. The decision, handed down on Tuesday, confirms earlier findings by the Norwegian Data Protection Authority (Datatilsynet) and the Oslo District Court that Grindr breached EU data protection law.
The UK Information Commissioner’s Office (ICO) has fined outsourcing giant Capita and its pensions subsidiary a combined £14 million for failing to protect personal data in a 2023 cyberattack that exposed the information of 6.6 million people.
Europe’s data regulators are turning the spotlight on transparency, one of the GDPR’s most fundamental principles. During its October plenary, the European Data Protection Board (EDPB) agreed that its 2026 Coordinated Enforcement Framework (CEF) action will focus on how well organizations are informing people about the use of their personal data under Articles 12, 13, and 14 of the regulation.
Eight major auto insurance companies have agreed to pay more than $19 million in penalties to New York State following a sweeping cybersecurity investigation by the Department of Financial Services (DFS). The enforcement action, announced Tuesday by Superintendent Adrienne A. Harris, revealed failures in data security controls that exposed the personal information of New Yorkers through online insurance quoting systems.
Australia’s privacy regulator has reminded social media companies that privacy must remain front and center as new age restrictions come into force later this year. The Office of the Australian Information Commissioner (OAIC) on Friday published regulatory guidance for age-restricted social media platforms and age assurance providers under the forthcoming Social Media Minimum Age (SMMA) scheme, which begins on December 10.
Australia just crossed a major privacy enforcement milestone. The Federal Court has ordered Australian Clinical Labs (ACL) to pay $3.8 million (AUD $5.8 million) in penalties after a cyberattack on its Medlab Pathology business exposed the personal information of more than 223,000 individuals.
The European Data Protection Board (EDPB) and the European Commission have issued their first-ever joint guidelines, clarifying how the Digital Markets Act (DMA) interacts with the General Data Protection Regulation (GDPR). The document aims to provide legal certainty and consistency for companies subject to both frameworks, particularly large online platforms designated as “gatekeepers.”