The UK government is exploring a national cross-airline blacklist to bar persistently disruptive passengers from flying with any carrier; airlines say the scheme could be managed jointly with industry and government, but concerns over data protection/GDPR rules and how sharing would work remain, with meetings planned to discuss implementation.
Meta is facing employee backlash over its Model Capability Initiative (MCI), a tool reportedly tracking U.S. workers’ mouse movements, keystrokes, and other activity to train AI agents. Critics say the scope could extend to code changes, device sleep/wake cycles, and clipboard contents, and may run afoul of GDPR if EU data is implicated; Meta says MCI is installed only on U.S. computers with safeguards and informed non-U.S. employees, but Reuters reports and internal concerns have raised questions about transparency and data usage.
Google Chrome reportedly rolled out a 4GB on-device AI model called Gemini Nano to eligible desktops between late April and early May 2026 without user consent or a prompt. The model runs locally (not via Google servers) and can be removed by toggling off On-device AI or uninstalling Chrome, with specific steps for Mac and Windows to detect and delete the files. Google says the model will auto-uninstall if resources are insufficient and has introduced a setting to disable or remove it; privacy advocates warn the rollout could violate GDPR and raise concerns about transparency and user control.
The Register exposes a sprawling, cookie-heavy ad‑tech ecosystem driven by AI, listing dozens of vendors and the data they gather (IP addresses, device identifiers, precise locations, user profiles) with cookie durations spanning from days to years. While some vendors cite consent or legitimate interest, others rely on alternative storage or “no cookies,” underscoring the scale of online tracking and the resulting privacy and regulatory concerns.
Cloud Imperium Games revealed a data breach that exposed metadata, contact details, usernames, dates of birth, and names, but waited five weeks after the January 21 incident to inform players. CIG says no financial data or passwords were stolen and that it contained the breach, yet the delayed disclosure has sparked fury among players and raised GDPR-related concerns for a UK-based company amid a long-running, heavily invested community.
Europe‑based users of Meta’s Ray‑Ban AI glasses may unintentionally share intimate videos and sensitive data with human moderators outside the bloc, as live AI annotation can involve reviewing captured footage. Svenska Dagbladet’s reporting cites Kenyan workers reviewing material—including nude scenes and credit‑card numbers—and notes Meta’s policies allow human review of such data. This raises GDPR transparency concerns, with Meta saying only that data is processed under its AI Terms and Privacy Policy; the company did not comment further.
EU's Data Protection Commission launches a second large-scale GDPR probe into X over Grok's nonconsensual sexual image generation, after reports of millions of generated images—including thousands depicting children—and amid broader Digital Services Act scrutiny.
European data privacy authorities have opened a formal probe into X, Elon Musk’s platform, over sexualised AI-generated imagery and how it is handled under EU privacy rules, potentially leading to enforcement if rules are found to have been violated.
Britain’s Information Commissioner's Office has launched a GDPR inquiry into X and its Grok AI after the tool generated non-consensual, sexually explicit deepfakes, scrutinizing safeguards in Grok’s design and deployment and potential data-protection breaches.
Debian's Data Protection Team has become inactive as all volunteers have stepped down, leaving the project without dedicated personnel to handle GDPR and privacy issues. The Debian Project Leader has called for new volunteers, emphasizing the importance of experience and trust, to help re-establish the team and address data protection concerns.
The EU Commission is drafting a controversial 'Omnibus' reform of the GDPR through a fast-track process, which critics argue would significantly weaken data protection principles, benefit big tech companies, and undermine fundamental rights, especially under the guise of 'simplification' and 'clarification.' The draft includes extensive changes such as narrowing the definition of personal data, limiting user rights, and facilitating AI training with personal data, raising concerns about legal validity and fundamental rights violations.
Meta has started rolling out AI features for its Ray-Ban Meta AR glasses in France, Italy, and Spain, allowing users to interact with Meta's AI assistant in their native languages. However, these features do not include the multimodal capabilities available in other regions. The rollout follows Meta's efforts to comply with European regulations, including the AI Act and GDPR, which have previously led to concerns and adjustments in their data training practices. Meta plans to expand these features to more European countries in the future.
Spain's data protection authority has ordered Worldcoin to temporarily stop collecting and processing personal data in the country due to privacy concerns, using powers contained in the GDPR. The controversial blockchain crypto project, which scans eyeballs to create a unique identifier, has faced scrutiny from European privacy regulators and has been the subject of complaints related to data processing transparency, collection of data from minors, and withdrawal of consent. Worldcoin's regional rollout in several European markets, including Spain, has attracted attention from data protection authorities, with Spain taking unilateral action to protect local users. The company's DPO has accused the AEPD of spreading inaccurate claims and circumventing EU law, while the AEPD has ordered the immediate cessation of data processing to protect individuals' rights and freedoms.
European consumer groups have accused Meta, the owner of Facebook and Instagram, of engaging in "massive" and "illegal" data collection practices, filing complaints with national data protection authorities. They claim that Meta collects excessive user data, infringing on the General Data Protection Regulation (GDPR). Meta disputes the allegations, stating that they comply with GDPR and have overhauled privacy practices. The complaints could lead to further legal action against Meta, which was fined €1.2 billion last year for GDPR violations. Additionally, the company's subscription service for ad-free versions of its platforms is criticized for offering an unfair choice and lack of transparency in data processing.
Meta's controversial "consent or pay" model in the EU, which requires users to agree to be tracked and profiled for ad targeting or pay for an ad-free subscription, has triggered complaints from consumer rights groups. The groups argue that Meta's model violates GDPR principles and is coercive, lacking transparency and a valid legal basis for processing personal data. The complaints could lead to penalties and enforcement action, potentially forcing Meta to reform its business model. The European Commission is also overseeing enforcement of Meta's compliance with newer regulations, and the company's consent choice is facing scrutiny from multiple avenues.