Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #82)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

  • The Italian Data Protection Authority published its report on the number of data breach notifications and alerts received in the last quarter. The number seems low compared to other jurisdictions, but the surge in reports highlights a growing awareness of one’s rights.
    Read here → (in Italian)
  • The Spanish data protection authority (AEPD) has created a tool to help decide whether to notify a data breach to the supervisory authority. The tool, ‘Breach Advisory’, is free of charge. The AEPD receives about 1,500 data breach notifications per year, a high volume of situations where the Agency’s advice can be crucial for proper handling. Access here → (in Spanish)
  • TikTok has updated its privacy policy in Europe and disclosed details of company-wide access to user data. The update, which applies to countries in the European Economic Area, the UK, and Switzerland, explains that TikTok employees in other countries have access to data to maintain a ‘consistent, pleasant and secure user experience. Access here →

2) Notable Case Law

  • The Spanish Data Protection Authority (AEPD) imposed a fine of EUR 25,000 on Caixa Bank S.A. for a violation of Article 16 of the GDPR following a complaint by a customer. The sanction resulted from the failure of the company to update the complainant’s address, ignoring the multiple rectification requests sent by the same. Read about the decision on our blog →
  • The Italian Data Protection Authority (Garante) fined the company Servizio Idrico Integrato Spa for €15.000 after a complaint from a customer for the violation of the GDPR due to the missing encryption system for the user area on the webpage. The Authority’s summary can be found here → (in Italian)

3) New and Upcoming Legislation

  • The Czech Presidency of the Council of the European Union is on the verge of finalizing the text of the proposed Artificial Intelligence Act. The final version is expected to be approved on 18 November and signed by the ministers of the Transport, Telecommunications, and Energy Council on 6 December. Reported here →
  • After a Department for Culture, Media, and Sport (DCMS) official revealed a new consultation would be conducted into the Data Protection and Digital Information Bill, which is meant to replace the EU’s GDPR, the UK’s new post-Brexit data legislation is expected to suffer further delays. Read more →
  • The California Privacy Protection Agency has launched a 15-day comment period on the draft regulation of the amended California Privacy Rights Act. Specifically, the period will run until 21 November. Access here →
  • On 2 November 2022, Canada’s Minister for Innovation, Science and Industry stated that Bill C-27 would ‘set a new standard in children’s privacy. Read here →
  • The Argentinian Data Protection Authority (Argentina’s Agency of Access to Public Information) has started the process of reforming the personal data protection regime. Reported here →

4) Strong Impact Tech

  • During the second summit of the International Counter Ransomware Initiative, governments of 36 countries and the European Union pledged to develop coordinated guidelines to prevent and respond to ransomware incidents, work together and establish an international task force against ransomware. Access the fact sheet here →
  • Thomson Reuters confirmed a database loss that exposed at least 3TB of client data but attempted to downplay the significance of the incident. Read about it here →
  • A breach of Royal Mail’s ‘Click and Drop’ service leaked customers’ package data to other users. Due to what Royal Mail described as a technical problem, the leak included various personal data, including the subject of orders, order history, and customer details. Access the story on our blog →

Other key information from the past weeks

  • The German Data Protection Authority has issued an opinion regarding President Biden’s Executive Order (EO) to implement the US-EU data transfer framework.
  • The UK Information Commissioner’s Office (ICO) has issued guidance on processing activities involving biometric data. In this regard, the ICO specified the need to conduct a risk analysis before implementing an emotion analysis system that relies on the processing of biometric data of data subjects
  • The Digital Services Act was officially published in the Official Journal of the European Union on October 27, 2022, and will enter into force twenty days after its publication.

👍 Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.