In the latest episode of Fieldfisher’s Data and Privacy Matters podcast, hosts Lorna Cropper, Emma Yaltaghian and Sophie Gosling provide a comprehensive roundup of the key legal developments from October 2025. 

The team start by discussing the Irish DPC’s €530 million fine against TikTok, with the regulator finding that TikTok had not applied appropriate safeguards when transferring data to China and had fallen short on its transparency obligations. The team also reviewed the EDPB’s opinion on the UK’s adequacy decision, which welcomed continued alignment with EU standards but raised concerns over new ministerial powers introduced under the Data (Use and Access) Act. 

They continue with coverage of the ICO’s successful appeal against Clearview AI, confirming that the regulator can take enforcement action against overseas organisations processing UK residents' data - even if they are third party controllers and do not engage in such monitoring themselves. The ICO’s ongoing consultations were also discussed, including new guidance on enforcement and the upcoming charitable purpose soft opt-in for direct marketing.

The team reflects on the high-profile case of former MasterChef host Gregg Wallace, who brought legal action against the BBC for delayed responses to his data subject access requests, highlighting the operational and reputational risks of mishandled DSARs.

Finally, the team discusses several major enforcement actions. Capita was fined £14 million following its 2023 ransomware attack, Grindr’s €6.5 million penalty for unlawful data sharing was upheld in Norway, and the Dutch DPA fined Experian €2.7 million for unlawful credit profiling.