Data Protection and Privacy News

More than 70% of the cyber threats detected are identity impersonations, according to INCIBE

The text literally says that the citizen must appear at the Central Department of the National Police in Madrid on December 20, 2024 for an alleged administrative file.

A TSJC condemns Mercadona to pay €7,501 for violating the data protection of a manager

The TSJC has recognized that the use of personal data occurred in the context of a disciplinary proceeding that culminated in a dismissal and that Mercadona acted in the exercise of the disciplinary power contained in the Workers' Statute.

The UN warns: international data collection does not have a binding legal framework

An absence of specific regulation is identified as one of the main current challenges in the area of digital privacy.

Thousands of patients with resistant depression improve today thanks to neurotechnologies

The neurologist Álvaro Pascual-Leone, professor at Harvard Medical School, and the neuroscientist Mariano Sigman, international researcher and popularizer, participated in the debate.

More than 10,000 seniors at the Senior Fair: sure prizes in exchange for personal data

During the fair, several activities offered sure prizes in exchange for personal data such as name, surnames, phone, and email address.

More than 7,144 million in GDPR fines: this is how the misuse of your data is punished in Europe

Spain leads the European ranking with 3,034 sanctions imposed since the implementation of the GDPR, far ahead of Italy, Romania, Germany, Poland and Greece.

A fake email from 'My Citizen Folder' promises €552.97: this is how the fraud detected by INCIBE operates

The message arrives from the address "[email protected]" and simulates an official notification. In the text, the recipient is informed that "an income of 552.97 euros has been generated in their favor".

Fine of 48.000 € for using personal mobile phones for work access tokens

Of the 364 active employees, 203 provided their personal mobile to receive SMS authentication tokens.

An SMS, a call and €20,000 less: this is how the group dismantled in Córdoba acted

The @ Team of the Córdoba Command, specialized in cybercrime, has investigated 12 people as alleged perpetrators of fraud and money laundering crimes.

Alert on digital surveillance among young people

Cheyenne Hunt, executive director of Gen Z For Change, has pointed out that the current political administration has increased monitoring on activist groups and youth organizations.

Five years without practicing for inviting a patient to 'have a beer' after consulting her data

During the process, the doctor admitted having called the patient from his personal number. He declared that his intention was "to invite the patient for a drink" to "talk about the disability situation and the assessment".

Romania annuls the first presidential round after detecting Russian cyberattacks

The European Commission maintains open a formal investigation against TikTok for possible violation of the Digital Services Act.

The AEPD obliges Palma to change the brown containers for violating data protection

The Palma City Council has defended during the procedure that there was no processing of personal data and that only statistical data was collected to adjust the collection frequency or the number of containers per areas.

Europol dismantles LeakBase, forum with more than 142,000 users of stolen data

The police intervention has been carried out simultaneously in 14 countries and has involved the participation of the National Police and the Civil Guard, alongside authorities from different jurisdictions.

Cyberattack to TfL: data of 10 million users exposed in 2024

According to the information provided, the attackers managed to obtain names, email and postal addresses, as well as phone numbers of approximately 10 million people.

95% of new cars in 2026 will send your personal data without asking permission

Electric and connected vehicles collect detailed information about geolocation, biometrics, and driving habits. These data include GPS trajectories, facial recognition, and music listening patterns.

Delays of up to 29 days in payroll allow an employee to break her contract and collect €46,266.90

The judicial resolution establishes that the employee will receive compensation of 46,266.90 euros for the termination of the contract

The Madrid Court will investigate whether Miguel Ángel Rodríguez revealed reserved data of journalists

According to the judicial resolution, Miguel Ángel Rodríguez identified and disseminated the image of two journalists from El País who were in the vicinity of Isabel Díaz Ayuso's home.

The Police track the origin of the data leak of Sánchez, ministers and regional presidents

The investigation remains active since last January, when the dissemination of private information of the Minister of Transport, Óscar Puente, as well as of directors and officials of Renfe and Adif was detected.

Deleting your OpenAI account deletes ChatGPT, API, and DALL·E: the decision is irreversible

The deletion process implies that OpenAI deletes the profile, access credentials, conversation history, personalized settings, usage data, and billing information, except ...

15 million French patients affected by the largest medical leak of Cegedim Santé

Cegedim Santé, publisher of the MLM software used by 3,800 doctors in the country, reported that the incident was discovered upon detecting anomalous behavior in the application's requests.

SkyWest sues two former pilots for accessing data of 4,970 pilots through its intranet

Discover which company leaked your data using aliases in your Gmail address

Europe imposed more than 330 sanctions for data protection in 2025, exceeding 1,150 million euros

OpenAI activates a blocking mode in ChatGPT for high-risk journalists and activists

Lockdown mode is an advanced and voluntary security option. When activated, ChatGPT's web browsing is limited to the exclusive use of cached content, without access to real-time information from the Internet.

WhatsApp integrates Meta AI in Catalonia without option to deactivate it: what you can undo

There is no possibility to deactivate Meta AI on WhatsApp. Joshua Breckman, director of International Communications for the company, has explained that the tool works "like any other function" within the application.

Ten verified cases: when ChatGPT fuels obsessions and harassment against real people

The victims state that automated attacks are more overwhelming and traumatizing than conventional threats.

A failure in Virginia left without access to personal data to users in Barcelona, Paris and Frankfurt

The incident evidenced that, although data storage may be located in Europe, resource management depends in many cases on centralized services outside the European Economic Area.

304 profiles on networks offer loans in Spain: this is how they are distributed among TikTok, Facebook and X

The count carried out by the Maldita.es team has detected 104 profiles on TikTok, 100 on Facebook, and 100 on X dedicated to offering loans.

The AEPD details specific vulnerabilities of agentic AI in personal data

The guidelines directly address the doubts that may arise in entities and companies from Barcelona, Girona, or Tarragona when they consider using agent AI to manage personal data.

Ciberlupa tracks the Dark Web to notify you if your email was leaked since 2025

The Cyberlupa system constantly tracks sources used by cybercriminals, including forums on the so-called "Dark Web" and stolen data repositories.

62% of users fear their data will be used for unauthorized purposes in digital Catalonia

A 43% of users fear not being able to easily revoke access to their data, according to a Datacrédito Experian study cited by Certena.

An agent requests police protection after her data was leaked when she filed a lawsuit against a former boss

Google manages the data of 738,502 Andalusian students after six sanctions for violating the GDPR

Three thefts are enough: the new Penal Code sets 1 to 3 years in prison for repeat offenders

The reform modifies article 234 of the Penal Code and establishes that those who have been previously convicted of three theft offenses may face prison sentences of one to three years.

More than 700 Abu Dhabi Finance Week passports were exposed for two months

The summit, held in December, brought together more than 35,000 people, including ministers from the Government of the United Arab Emirates and senior executives from international financial firms

Wisconsin proposes banning VPNs on sites with 'sexual' content and requiring age verification

In the writing, the entity warns about the scope of the measure and its possible consequences for privacy and freedom of expression.

AI can access data marked as deleted, according to a Spanish study

Fine of €48,000 for using personal mobiles for work access tokens

The investigation began after a complaint related to the request for telephone numbers and dates of birth from workers during an internal training.

Hackers claim access to fiscal data of 47 million Spanish taxpayers

The Tax Agency has not issued any statement detailing whether the leak has occurred or what type of data could be compromised. The situation is under investigation.

Google warns you if your number or address appears in its search engine (and you can ask to remove them)

The user must enter the personal data they wish to monitor into the tool. These include name, nickname, phone number, email address, and physical address.

INCIBE warns: a simple "yes" on a call can authorize bank contracts without your permission

The technique known as vishing allows cybercriminals to obtain personal or financial information through deception.

A viral challenge in Catalonia gives AIs a precise X-ray of society

"We give them the information for free, packaged in a fun game, and they use it to take our money later with new products, services, or social networks" - María Aperador, cybersecurity expert

Your chats with AI can train the model: this is how your data is stored without you seeing it

According to Welivesecurity, conversations held on these platforms can be used to train artificial intelligence models if the default configuration is maintained.

One in four users does not know how to detect fake messages, according to Kaspersky

Kaspersky specialists have pointed out that many users, when seeking more precise results in these tools, enter additional data in the prompt or allow access to information linked to their profiles.

Google already allows deleting licenses, passports, and social security from its search results

The update makes it easy for any user to add official identification information directly from the Google app

Six sanctions and 781,200 people affected: the Council's setback to Education for Google Workspace

In Ubrique, frauds are detected with false donations and bank messages in the name of neighborhood associations

The lawyer Bea de Vicente has pointed out that identity thefts of legal entities are increasingly frequent

The Faublogs portal promises jobs in the Prosecutor's Office 2026, but the entity denies their existence

The audiovisual material invites users to apply for supposed professional and technical positions in the Attorney General's Office of the Nation for the year 2026, information that the entity itself has categorically denied

100% of the cartoons created by ChatGPT may include hidden technical metadata in the image

To obtain a caricature, the user initiates a conversation with ChatGPT and requests an image based on their message history. In many cases, the assistant requires a photograph to refine the visual details

Starlink uses personal data of 9 million users to train its artificial intelligence

The updated policy allows Starlink to access contact information, performance metrics, billing data, and, in some cases, communications data such as audio, electronic, or visual information

80% of leaks in Catalonia are due to simple passwords like 123456 or qwerty

According to data provided by the Mossos d'Esquadra and cybersecurity specialists, more than 80% of data breaches originate from overly simple passwords

Personal data breaches in the Valencian Community grew by 28% in 2025

The National Cybersecurity Institute has registered more than 130,000 incidents nationwide in 2025, which represents a 25% increase compared to the previous year

Discover which company leaked your data using aliases in your Gmail address

Some companies automatically eliminate aliases when processing email addresses, which hinders traceability and the tracking of possible leaks

Up to 400 euros daily: this is how the fake job offers on TikTok detected in Catalonia operate

The ads, which have been seen on user profiles in Barcelona, Girona, and Tarragona, include links that redirect to a WhatsApp chat with a foreign number

Europe imposed more than 330 sanctions for data protection in 2025, exceeding 1.15 billion euros

The media, telecommunications, and broadcasting sectors were responsible for more than 80% of the total sanctioned, placing these activities at the center of regulatory oversight

2,765 data breaches reported in Spain in 2025: only 11 cases referred for investigation

In the last year, more than 200 million communications have been sent to individuals affected by breaches considered high-risk

More than 3 provinces affected by fake DGT traffic fines in Catalonia

The emails include links that lead to fake web pages. On these sites, the alleged perpetrators try to obtain personal data, banking information, and passwords from the victims.

90% of teachers use AI in class, but only 48.5% trust data protection

71.6% use these systems primarily for planning and creating materials, while 84% maintain that AI generates more day-to-day work

€2,000 fine for recording patients: clinic sanctioned for camera in the dental office

The camera installed in the cabinet would include image recording during patient treatment in the operating room

300,000 Endesa customer records on the dark web: threat actor announces further leaks

According to Endesa, the intrusion allowed third parties to access sensitive customer information, including identification data, contracts, and in some cases, banking information

2,765 data breach notifications in 2025: one every three hours on average

The breaches that have impacted the largest number of people in 2025 are related to ransomware-type cyber incidents and intrusions into information systems that have allowed the exfiltration of large volumes of personal data

2 complaints in Burgos for false fine collections at homes

In one of the reported cases, an individual presented himself as an official from the General Directorate of Traffic and attempted to collect a fine at the person's home. The DGT does not collect fines at people's homes...

47 public officials from 15 communities affected by personal data breach

Among those affected are top political leaders such as Isabel Díaz Ayuso, Juan Manuel Moreno Bonilla, María Guardiola, Alfonso Fernández Mañueco, Imanol Pradales, Carlos Mazón, María Chivite, and Jorge Azcón

7 out of 10 users in Barcelona interact with AI without knowing it, according to a digital law expert

The integration of Artificial Intelligence into administrative processes and everyday services in Catalonia is irreversible. Naranjo Godoy states that the main challenge is learning to coexist with this technology ...

52% of users in Girona and Tarragona who installed Xuper TV already showed traces of malware

Until January 2026, Endesa did not confirm the scope of the ID and IBAN leak

The leak has exposed sensitive information such as ID numbers, bank IBANs, and customer contact details. Users from various neighborhoods in Barcelona and municipalities in the metropolitan area have reported on social media ...

An algorithm with decision-making power: how far does its influence extend over our rights?

16.3 million records leaked from PcComponentes: National ID numbers, orders, and bank details exposed

The total number of stolen records amounts to 16.3 million, according to information released by the X account of Hackmanac on January 20, 2026. National ID numbers, orders, invoices, physical addresses, contact details, bank card metadata...

Endesa confirms cyberattack: customer ID numbers and bank account numbers affected

The Spanish Consumers' Association asks Endesa to safeguard consumer access to money after yesterday's cyberattack

17.5 million Instagram accounts affected by data sale on the dark web

The stolen data is available for sale on the dark web and can be used for SMS fraud or other forms of digital deception

A TikTok video can install malware that steals bank accounts in seconds

According to the official alert, the identified videos can be found on various platforms, although the most prominent presence has been detected on TikTok

80% less risk of collisions after activating the V-16 beacon in urban areas of Catalonia

The agency clarifies that the General Directorate of Traffic does not access information about who has purchased each beacon. When a driver activates the device in case of breakdown or accident, the beacon only transmits the vehicle's geolocation

160,000 euros: fine for Supera for using fingerprints without complying with the GDPR

European regulations require that any processing of personal data, especially biometric data, be accompanied by measures to prevent unauthorized access and that the consent of the data subject be explicit

90 days after death: key deadline for companies to delete data without request

The law recognizes three fundamental rights for next of kin: access, rectification, and deletion of the deceased's personal data

The tool has already replaced a manual process in several municipal services in Girona since November

The tool automatically identifies names, addresses, and other personal data in both texts and PDF documents

9 out of 10 digital scams in Catalonia use the screen-sharing function to steal bank details

According to the National Police, the alleged criminals contact victims by posing as employees of banks, technical services, or trusted platforms.

Google activates tool to track your data on the Dark Web if you have a personal account

The tool analyzes compromised databases and notifies the user if it finds matches with the information selected for monitoring. A personal Google account is essential to configure the tracking report

LinkedIn and X better protect your privacy than Meta, according to new metric from UC3M and INCIBE

It is fundamental that society pay attention to which databases are storing their information and what protection they offer, as leaks can lead to dangerous practices if systems are not well designed

3 hackers arrested since July for leaking data of high-ranking officials, according to the National Police

The leak bears similarity to the one carried out in September by N4t0x, a minor arrested after disseminating data of Pedro Sánchez and other public officials

TikTok transfers European user data to China, according to the AEPD

In April, Ireland's Data Protection Commission (DPC) fined TikTok €530 million after concluding, in coordination with other national authorities such as the AEPD.

7 out of 10 users interact with AI without knowing it, according to a digital law expert

"When you upload a document, you lose control over it. Nothing is free. That information is usually stored in public clouds and can be reused" - Lorena Naranjo Godoy, UDLA

52% of users in Girona and Tarragona who installed Xuper TV already showed traces of malware

Cybersecurity experts warn that malware hidden in pirated apps like Magis TV and Xuper TV can capture passwords, access bank accounts, and track financial information

Protection of Personal Data: A Fundamental Right in the Digital Age