Poland’s data protection authority has fined DPD Polska more than $2.75 million (over PLN 11 million) after finding serious failures in how the courier company structured its relationships with external carriers and authorized staff to handle personal data.
PayPal is notifying a number of customers that their personal information was exposed following a coding error in its PayPal Working Capital loan application, an issue that persisted for more than five months before being identified.
It was a record-breaking year for data breaches in Sweden and not the kind anyone wants to celebrate. The Swedish Data Protection Authority, known as IMY, reported that 12,276 personal data breach notifications were filed in 2025, the highest number recorded since the General Data Protection Regulation came into force in 2018.
California has secured its largest settlement yet under the California Consumer Privacy Act, with Attorney General Rob Bonta announcing that The Walt Disney Company will pay $2.75 million to resolve allegations that it failed to fully honor consumers’ requests to opt out of the sale or sharing of their personal information.
Ireland’s Data Protection Commission has opened a formal inquiry into X and the Irish entity responsible for the X platform in the EU, over concerns that generative artificial intelligence tools linked to the platform may have been used to create and publish non-consensual intimate images.
Ofcom has fined Kick Online Entertainment £800,000 after finding the company failed to put in place age checks to stop children from accessing pornographic content, in breach of duties under the Online Safety Act.
The European Data Protection Board has set out how it intends to navigate the next phase of Europe’s digital rulebook, adopting its 2026–2027 work program to make GDPR compliance easier to understand, ensure enforcement is more consistent across borders and strengthen cooperation in an increasingly crowded regulatory landscape.