Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #83)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

  • The Garante Privacy is advancing in its assessment of the lawfulness of some online newspapers, which make access to their content conditional upon the consent to profiling treatments (through cookies or other tracking tools) or, alternatively, upon the payment of a sum of money, continues. For information on the lawfulness of the cookie wall in Europe, see here or access the official report here → (In Italian)
  • The Garante Privacy announced, on 11 November 2022, that it had launched an online tool for reporting unwanted phone calls to the Garante. In particular, the Garante stated that the new online tool will fully replace the previous reporting mechanism by means of a paper form and that it is part of a package of online services that the Garante is implementing to simplify its services to citizens. Access here →
  • A key European Union lawmaker has described meetings taking place at the beginning of November with the U.K. government over the country’s data protection reform plans as “appalling.” Reported here →
  • The Brazilian data protection authority (ANPD) announced, on 8 November 2022, that it had approved its regulatory agenda for the biennium 2023-2024. Access here → (In Portuguese)

2) Notable Case Law

  • The UK Data Protection Authority (ICO) imposed a fine of £160,000 on Zuwyco Limited for making more than 90,000 unsolicited calls for direct marketing purposes to subscribers who had been listed on the “no call” register for not less than 28 days, contrary to regulation 21(1)(b) of PECR. Read about it on our blog →
  • On November 3, 2022, the Spanish Data Protection Authority (AEPD) imposed a fine following reports on the use of minors’ personal information, the General Data Protection Regulation and Information Society Services and Electronic Commerce were both violated. Access here → (In Spanish)

3) New and Upcoming Legislation

  • The European Parliament adopted last Thursday the “Network and Information Systems (NIS) 2 Directive”, which requires EU countries to meet stricter supervisory and enforcement measures and harmonise their sanctions. Read the press release here →
  • According to the Californian website (govtech.com), a new privacy regulation might significantly alter how children and teenagers use the Internet nationwide as well as in California. Read more on govtech.com →

4) Strong Impact Tech

  • The United Kingdom’s National Cyber Security Centre (NCSC), the government agency that leads the country’s cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities. Reported here →

Other key information from the past weeks

  • The Italian Data Protection Authority published its report on the number of data breach notifications and alerts received in the last quarter.
  • The California Privacy Protection Agency has launched a 15-day comment period on the draft regulation of the amended California Privacy Rights Act. Specifically, the period will run until 21 November.
  • The Spanish data protection authority (AEPD) has created a tool to help decide whether to notify a data breach to the supervisory authority.

👍 Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.