International Privacy News – October 2025

01.11.2025

Zusammenfassung

This is a summary of data privacy-related news from around the world that we published on LinkedIn in October 2025.

4 Minuten Lesezeit

October was marked by high-profile privacy rulings, data breach fines, and new global data protection frameworks. Governments around the world advanced new digital laws, while regulators intensified oversight of AI, biometrics, and cross-border data flows. The month reflected both the growing maturity of privacy regulation and the deepening challenges of technological governance in a rapidly evolving digital ecosystem. Below, we summarize the key international privacy stories that we posted on LinkedIn in October 2025.

us Consumers Seek $2.36 Billion from Google (October 31, 2025)
Consumers demanded $2.36 billion from Google following a ruling that it collected app activity data without proper consent.
Read more

nl_nl Netherlands Fines Experian €2.7 Million (October 30, 2025)
Experian Netherlands was fined €2.7 million for collecting personal data without valid consent for credit scoring purposes.
Read more

en_gb OpenAI Offers UK Data Residency (October 29, 2025)
OpenAI will offer UK data residency under a government partnership to boost privacy and data sovereignty.
Read more

bn_bd Bangladesh Introduces Personal Data Protection Ordinance (October 28, 2025)
Bangladesh enacted the Personal Data Protection Ordinance 2025, recognizing data as a personal right and regulating cross-border transfers.
Read more

ga_ie Irish Regulator Independence Under Scrutiny (October 27, 2025)
Privacy groups warned that Ireland’s appointment of a third data protection commissioner could compromise the authority’s independence.
Read more

us U.S. Warns of Major Cyber Threat (October 24, 2025)
U.S. agencies reported an ‘imminent threat’ after hackers stole F5 Networks’ source code and vulnerability data.
Read more

eu EDPB Supports UK Adequacy Extension (October 23, 2025)
The European Data Protection Board endorsed extending the EU’s data-transfer adequacy decisions for the UK until December 2031.
Read more

en_gb Capita Fined £14 Million Over Cyberattack (October 22, 2025)
The UK’s Capita was fined £14 million for a 2023 data breach that exposed information of 6.6 million individuals.
Read more

zh_cn China Tightens Cross-Border Data Transfer Rules (October 21, 2025)
China’s new rules, effective January 2026, mandate certification for certain data exports to enhance governance.
Read more

ga_ie Ireland Considers Encryption Backdoor (October 20, 2025)
Ireland proposed an encryption backdoor for law enforcement, but privacy experts warned it would undermine security and user rights.
Read more

eu EU Consults on DMA–GDPR Enforcement (October 17, 2025)
The EU launched a public consultation on draft guidelines clarifying enforcement overlap between the Digital Markets Act and the GDPR.
Read more

en_au Australia Fines Clinical Labs AU$5.8 Million (October 16, 2025)
Australia’s Clinical Labs was fined AU$5.8 million for a Medlab data breach exposing personal information of 223,000 people.
Read more

eu EU Rolls Out Schengen Entry-Exit System (October 15, 2025)
The EU launched the new biometric Entry-Exit System, with the EDPB emphasizing strict oversight and privacy compliance.
Read more

en_ca Canada’s Privacy Regulators Unite on AI (October 14, 2025)
Canadian privacy regulators met in Banff to coordinate national efforts on AI, children’s privacy, and cybersecurity.
Read more

en_gb Clearview AI Subject to UK GDPR (October 13, 2025)
A UK tribunal confirmed that Clearview AI’s data scraping of UK residents falls under the UK GDPR.
Read more

hi_in India Adopts Biometric UPI Authentication (October 10, 2025)
India introduced biometric verification for digital payments, allowing users to confirm transactions via fingerprints or facial scans.
Read more

en_gb UK Police Arrest Two in Nursery Breach (October 9, 2025)
UK police arrested two people over a ransomware attack on a London nursery that exposed thousands of children’s data.
Read more

us Discord Data Breach Exposes ID Documents (October 8, 2025)
Discord confirmed a data breach through a support partner, leaking users’ personal data and scanned IDs used for age verification.
Read more

en_gb UK Order Accessing Apple Data (October 7, 2025)
The UK government issued an order enabling access to Apple users’ personal data for national security, reigniting tensions with the tech giant.
Read more

fr_fr UNESCO Publishes Digital Evidence Guidelines (October 6, 2025)
UNESCO and the International Association of Prosecutors released new global guidelines on digital evidence collection that safeguard privacy and free speech.
Read more

eu EDPS Calls for Human Oversight in AI (October 3, 2025)
The European Data Protection Supervisor urged stronger human oversight in automated decision-making to prevent opaque or biased outcomes.
Read more

en_gb UK Fines Firms for Unlawful Robo-Calls (October 2, 2025)
The UK’s ICO fined two energy firms £550,000 for unlawful marketing calls using AI-generated voice avatars.
Read more

en_ca Canada Finds TikTok Violated Child Privacy (October 1, 2025)
Canada’s privacy authority ruled that TikTok failed to protect children’s data and collected sensitive information without proper consent.
Read more

You can also follow us on LinkedIn to stay informed about the latest developments in data protection: https://www.linkedin.com/company/iitr-datenschutz-gmbh/

Über den Autor – Marvin Stellmacher

Herr Stellmacher ist zertifizierter Datenschutzbeauftragte (udis), zertifizierter IT-Sicherheitsbeauftragter (udis) und verfügt über eine abgeschlossene Berufsausbildung zum Rechtsanwaltsfachangestellten. Mit seiner beruflichen Erfahrung im Vertrieb von Legal-Tech Software verantwortet Herr Stellmacher bei der IITR Datenschutz GmbH Aufgaben in Vertrieb und Kundenbetreuung.

Kontakt: