A suspected cyberattack involving the widely used learning platform Canvas is drawing growing scrutiny from privacy regulators after universities and college campuses in Norway began reporting potential exposure of student and institutional data linked to the incident.
Hungary’s data protection authority has opened an investigation into a major reported data leak involving Mediaworks Hungary Zrt., after hackers allegedly stole and published millions of files containing sensitive personal information on the dark web.
The Danish Data Protection Agency has ordered Aalborg Municipality to bring its handling of personal data into compliance with data protection rules, after an investigation found the municipality had failed to delete information it no longer had a legal basis to retain.
Ireland’s Data Protection Commission has opened a formal inquiry into Infinite Styles Services, the Irish entity of SHEIN, examining how it transfers the personal data of EU and EEA users to China.
The Federal Trade Commission is moving to restrict how one of the data broker industry’s more prominent players handles location data, proposing a settlement that would prohibit Kochava and its subsidiary Collective Data Solutions from selling or sharing sensitive location information unless consumers have clearly agreed to it.
South Korea’s Personal Information Protection Commission is adjusting how it expects companies to explain their data practices, updating its Guidelines on Writing a Privacy Policy to better reflect how information is actually handled in an era shaped by generative AI and on-device computing.
In a notice circulated to trade associations, the Italian Data Protection Authority has said that hotels, bed and breakfasts, and guesthouses must not retain photocopies or digital images of guests’ identity documents beyond the time needed to transmit required information to public security authorities. The clarification comes as the regulator reports a rise in complaints and personal data breaches in recent months.