The Italian data protection authority, the GPDP, has published a guide to ensuring data protection in schools, which covers a wide range of issues related to the processing of personal data, from photos taken during school games to the use of smartphones in the classroom, from video surveillance to electronic records.

The guide also focuses on some of the issues that can have a negative impact on young people (such as cyberbullying, sexting) and the correct management of videos and photos taken at parties and school trips.

The Croatian supervisory authority imposed a fine of €5,470,000 on the debt collection company EOS Matrix.

The grounds for the fine were that the data controller failed to take adequate technical and administrative measures to ensure data security, processed personal data of persons who are not legal representatives of the debtor in debtor-creditor relations without relying on one of the conditions listed in Article 6 of the GDPR, processed health data of data subjects in breach of Article 9 of the GDPR, breached the obligation to provide transparent information to data subjects, and processed data of 49,850 data subjects in breach of general principles by recording telephone conversations without a processing condition.

Last year, Randal Quran Reid was taken into custody by Georgia police because facial recognition technology identified him on a surveillance camera in a stolen credit card case.

Sam Starks, Quran's lawyer for the system that misidentified him in the Louisiana incident, said: 'Even with standards and protocols in place, the use of this technology by law enforcement raises serious civil liberties and privacy concerns.

The lawsuit filed over the incident accuses the detective who conducted the procedures of false arrest, malicious prosecution and negligence, and seeks damages.

The ICO, the UK's data protection authority, has published guidance on how to conduct workplace monitoring lawfully and fairly in both the public and private sectors.

The guidance includes recommendations for lawful monitoring, such as informing employees, using the least intrusive means for the intended purpose, relying on explicit consent or other processing conditions, and keeping information limited to the purpose.

Air Canada announced that an unauthorised group of individuals gained access to the company's internal system and compromised the personal information of an unknown number of employees.

Peter Fitzpatrick, a spokesman for the airline, said no customers' personal information was affected by the breach.