The European Commission is preparing the Digital Omnibus Package, a major initiative to simplify and modernise the EU’s complex digital rulebook. Expected in November 2025, the proposal aims to reduce administrative burdens, clarify overlaps between laws and help businesses—especially SMEs—navigate digital compliance more easily. The package will introduce targeted updates to existing regulations, including the ePrivacy Directive, the Data Governance Act, and the AI Act, with

The city of Braga has reaffirmed that data protection and technological security were top priorities in the public procurement of 35 Yutong electric buses, following concerns raised in Norway and Denmark about cybersecurity risks linked to the manufacturer. The municipality states that the contract includes strict rules preventing any unauthorized remote access and guarantees that all data, including black box records, belongs exclusively to the city. Braga also confirms that

The European Commission’s new “Digital Omnibus” proposal, published on 19 November, is facing strong criticism as experts warn it could weaken key safeguards in the GDPR and the ePrivacy Directive. Privacy group noyb released a 71-page analysis comparing current law with the Commission’s proposals, highlighting legal inconsistencies, risks to fundamental rights, and real-world consequences for users, regulators, and companies. Despite removing some controversial elements afte

Hyundai is warning customers after a newly confirmed data breach may have exposed the personal information of up to 2.7 million drivers. The breach, traced to Hyundai AutoEver, leaked sensitive data including names, driver’s license numbers, and Social Security numbers. Although the attack happened in February, a months-long investigation means affected customers are only being notified now. Hyundai has brought in cybersecurity experts and is offering two years of free credit

Apple has issued a security alert, urging all users to update their devices immediately. A recently discovered vulnerability could allow hackers or third parties to access locked devices, bypass passcodes, and extract sensitive data. The update is available for iPhone XS and later, several iPad models, Apple Watch, and Macs, fixing the CVE-2025-24200 flaw. The issue affects USB Restricted Mode, originally designed to prevent tools like “GrayKey” from accessing private data. W

Amazon has lost its appeal against a record €746 million ($812M) fine imposed by Luxembourg’s privacy regulator (CNPD) for violating EU GDPR rules. The court sided with the CNPD, which had penalized Amazon for improperly processing personal data. While Amazon is considering further appeals, the ruling underscores Europe’s strict approach to data protection and its willingness to enforce the GDPR at the highest levels. The CNPD also included measures for Amazon to remedy the d

Ireland’s Data Protection Commission (DPC) has fined TikTok €530 million for failing to ensure that European user data transferred to China was protected from access by Chinese authorities. The investigation revealed that TikTok provided misleading information to the DPC and failed to demonstrate that data sent to China would have protection levels equivalent to GDPR standards. While TikTok claims it never shared data with the Chinese government, the DPC found that data was r

Recent court decisions in Germany and at the European General Court are challenging the traditional interpretation of GDPR compensation. Historically, under Art. 82 GDPR, data subjects could only claim damages if they proved actual harm resulting from a GDPR violation. However, recent cases—like Junghans v. Meta and Bindl v. European Commission—suggest that a mere loss of control over personal data or uncertainty about its processing can now qualify as non-material damages, e

The European Commission is preparing changes to the General Data Protection Regulation (GDPR) aimed at reducing administrative burdens for small and medium-sized enterprises (SMEs), while maintaining strong privacy protections. Proposed adjustments may include simplifying data registration requirements for companies with fewer than 500 employees.   The initiative responds to concerns that the current GDPR framework increases compliance costs, creates legal uncertainty due to

Last year, Portugal reported 332 personal data breaches—almost one per day—according to the National Data Protection Commission (CNPD). Incidents ranged from unauthorized access to databases to exposure of sensitive information, affecting both public and private sectors. Experts warn the real number may be even higher, as many breaches go unreported. The CNPD continues to strengthen oversight and educate organizations on data protection, promoting preventive measures like aud

Even after the official opt-out period, there’s no guarantee that Meta won’t use your personal data—posts, photos, messages, and even memories—to train its AI systems. Experts warn that the opt-out process is confusing, fragmented across platforms like Facebook, Instagram, Messenger, and Threads, and often leaves users unsure if their refusal applies to all services. This raises serious concerns about transparency and control over our own information. By agreeing to terms wit

The EU has launched an investigation into X (formerly Twitter) over the use of personal data from EU and EEA users to train its AI models, including Grok. The Irish Data Protection Commission (DPC), acting on behalf of the EU, will examine whether X’s practices comply with key GDPR provisions, especially regarding legality and transparency. This follows X’s commitment in September to stop using certain EU user data for AI training. However, the company continued AI model deve

Researchers have uncovered one of the largest data breaches ever: 16 billion login credentials exposed, from malware and old datasets. Social media, cloud services, corporate tools, and VPNs may have been affected. While no centralized attack on companies like Apple, Google, or Facebook has been confirmed, the leak puts millions of users at risk of identity theft, phishing, and account takeovers. Experts recommend: change your passwords regularly, enable two-factor authentica

According to the House Chief Administrative Officer, WhatsApp poses a high risk due to its lack of transparency in data handling, absence of encryption for stored data, and potential vulnerabilities. Staff are now prohibited from using the app across mobile, desktop, and web versions. Meta, WhatsApp’s parent company, strongly disagrees, insisting the platform offers end-to-end encryption by default and even stronger protections than many of the apps approved by the House. As

Germany’s data protection commissioner has called on Apple and Google to remove the AI chatbot DeepSeek from their app stores, citing...

Meta has been fined €251 million by the European Union for a data breach that occurred in 2018, affecting 29 million accounts, including...

The National Data Protection Commission (CNPD) is investigating the Portuguese Institute of Social Security (ISS) for an alleged data...

Europol's data protection regime is designed to ensure privacy and compliance with data protection principles while supporting law...

The Austrian Data Protection Authority (DSB) has been criticized by the Court of Justice of the European Union (CJEU) for its arbitrary...

Chinese AI company DeepSeek is under investigation by several EU data protection authorities over potential GDPR breaches linked to...