Experian fined $3.2 million for mass-collecting personal data
Experian Netherlands has been fined EUR 2.7 million ($3.2 million) for multiple violations of the General Data Protection Regulation (GDPR) [...]
Stay informed on GDPR regulations and data protection with the latest news, insights, and compliance strategies in our info security hub.
Search across headline titles and summaries.
Background for this topic.
GDPR is the European Union’s General Data Protection Regulation, in force since 25 May 2018. It governs the processing of personal data by organizations in the EU and, in some circumstances, organizations elsewhere that offer services to or monitor people in the EU. It sets principles and lawful bases for processing, gives individuals rights over their data, and defines duties for controllers and processors.
For security practitioners, GDPR requires risk-appropriate technical and organizational measures to protect personal data, such as access control, encryption or pseudonymization where appropriate, resilience, and regular testing. Privacy by design and by default should shape system and data-flow decisions. A personal-data breach may require notifying the relevant supervisory authority without undue delay and, where feasible, within 72 hours of awareness; affected individuals may also need notification when the risk is high. These obligations make asset and data inventories, processor oversight, retention controls, and breach playbooks operationally important.
Weekly headline count for the current query.
Experian Netherlands has been fined EUR 2.7 million ($3.2 million) for multiple violations of the General Data Protection Regulation (GDPR) [...]
Discover how GDPR compliance can spark real growth and give you a competitive advantage with practical strategies and a strong security culture. [...]
The Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations. [...]
The Irish Data Protection Commission (DPC) has fined TikTok €530 million (over $601 million) for illegally transferring the personal data of users in the European Economic Area (EEA) to China, violating the European Union's GDPR data protection regulations. [...]
Non-profit privacy advocacy group "None of Your Business" (noyb) has filed six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for unlawfully transferring European user's data to China and infringing European Union's general data protection regulation (GDPR). [...]
The Irish Data Protection Commission (DPC) fined Meta €251 million ($263.6M) over General Data Protection Regulation (GDPR) violations arising from a 2018 personal data breach impacting 29 million Facebook accounts. [...]
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has imposed a fine of €290,000,000 ($325 million) on Uber Technologies Inc. and Uber B.V. over GDPR violations. [...]
European privacy advocate NOYB (None of Your Business) has filed nine GDPR complaints about X using the personal data from over 60 million users in Europe to train "Grok," the social media company's large language model. [...]
The French data protection authority (CNIL) fined medical software vendor Dedalus Biology with EUR 1.5 million for violating three articles of the GDPR (General Data Protection Regulation). [...]