PrivacySignal
Enforcement

Amadeus IT Group Receives GDPR Fine

Inside Privacy (Covington) · · International · Enforcement

Spain's data protection authority fined Amadeus IT Group €18 million for GDPR violations tied to its Global Distribution System, which powers booking and travel data infrastructure used across the global travel industry. Amadeus voluntarily paid the fine, receiving a 20% reduction for doing so.

Why this matters: Amadeus is not a brand most travelers recognize, but its systems sit behind an enormous share of the world's flight, hotel, and travel bookings. That means the data at issue is not abstract — it is itineraries, passport details, payment records, and travel histories for millions of people. A fine this size signals that regulators are willing to go after the infrastructure layer, not just the consumer-facing companies. If the pipes that carry your data are not compliant, the fact that you never heard of the company running them does not protect you.

Who should care: Lawyers · Privacy officers · Compliance · AI governance · General readers · Policy

This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.

Related stories

Enforcement
The Guardian — Tech · · International

Revealed: landmark Scottish AI project has no prospect of meeting renewables promise

A Guardian investigation found that a major £8.2bn AI datacentre project in Lanarkshire, Scotland, misrepresented its plans to supply large-scale renewable energy to the site. Both government officials and developers privately acknowledged a significant power provision problem, despite public promises of clean energy delivery.

Who should care: Lawyers · Privacy officers · Compliance · General readers · AI governance · Policy

#enforcement#ai Read original →
Enforcement
Q qz.com · · International

Amazon Ring sued over facial recognition privacy violation

Amazon's Ring has been hit with a lawsuit alleging that its devices used facial recognition technology in ways that violated users' privacy rights. The suit appears to center on the collection or processing of biometric data without adequate notice or consent.

Who should care: Lawyers · Privacy officers · Compliance · Cybersecurity · General readers · Policy

#enforcement#surveillance#privacy Read original →
Enforcement
HIPAA Journal · · US Federal

Employees Drop Class Action Lawsuit Against Stryker Over Hamdala Cyberattack

A consolidated class action filed by employees against medical technology company Stryker, stemming from a cyberattack in March 2026 attributed to the Hamdala threat group, has been voluntarily dismissed. The plaintiffs chose to drop the case rather than having it decided by a court.

Who should care: Lawyers · Privacy officers · Compliance · Healthcare professionals

#enforcement#healthcare Read original →
Enforcement
The Record · · International

Spyware found on phone of European Parliament member probing it

Researchers found that Stelios Kouloglou, a former European Parliament member who sat on the body's committee investigating commercial spyware abuses, was infected with Pegasus spyware twice while he was serving in that role.

Who should care: Lawyers · Privacy officers · Compliance · Cybersecurity

#enforcement#surveillance Read original →
Enforcement
A ABC15 Arizona · · International

Man ‘falsely arrested’ with facial recognition for cold case murder sues Phoenix PD, MCAO

A man is suing the Phoenix Police Department and the Maricopa County Attorney's Office after allegedly being wrongfully arrested for a cold case murder based on a facial recognition match. The lawsuit claims the identification was faulty and led to a wrongful deprivation of his liberty.

Who should care: Lawyers · Privacy officers · Compliance · Cybersecurity · General readers · Policy

#enforcement#surveillance#privacy Read original →
Enforcement
The Record · · International

Supreme Court decision threatens EU-US data transfer agreement

Privacy advocate Max Schrems has notified European officials of his intent to file a legal challenge against the EU-U.S. Data Privacy Framework, the agreement that permits personal data to flow from the European Union to American companies. Schrems, who previously dismantled two predecessor agreements, is citing a recent Supreme Court decision as grounds for the new challenge.

Who should care: Lawyers · Privacy officers · Compliance · AI governance

#enforcement#gdpr Read original →