IT Security & Privacy

Swedish authorities have recently delivered a long-awaited attempt at clarity on how health data can be used, shared, and governed. A government assignment launched in June 2025 asked the Swedish eHealth Agency and the Swedish Data Protection Authority to do something healthcare actors have been asking for repeatedly i.e., explain how the law actually works in practice when it comes to health data. That work is now complete, with the authorities submitting their final report this week to the Ministry of Health and Welfare.

The Cybersecurity and Infrastructure Security Agency has ordered federal civilian agencies to take a hard look at the devices sitting at the edge of their networks, and to remove any that can no longer be supported, as part of a broader push to reduce exposure to cyberattacks.

Panera Bread has confirmed a cyber intrusion after customer contact data linked to more than 5 million people appeared online, marking the latest high-profile breach tied to the ShinyHunters extortion group and its growing focus on identity-based attacks.

UK regulators have launched parallel investigations into the Grok artificial intelligence system following reports that it has been used to generate non-consensual sexualized images and videos of real people, including children.

The Swedish Data Protection Authority (IMY) has identified three areas that will shape its guidance and enforcement work over the coming year: the use of artificial intelligence in the public sector, the protection of children and young people online, and the expanding range of tools used by law enforcement authorities.

France’s privacy regulator (CNIL) has sanctioned France Travail and fined the company €5 million over a breach that occurred in the first quarter of 2024. The regulator concluded that the agency failed to put in place security measures commensurate with the risks involved in processing highly sensitive personal data.

Nike is investigating a potential cybersecurity incident after a cybercrime group claimed it had stolen data from the company’s systems, according to multiple cybersecurity and media reports.