Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #85)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

  • Since leaving the European Union, the UK has made its first adequacy decision. The Department for Digital, Culture, Media, and Sport (DCMS) revealed the conclusion of the UK’s adequacy decision regarding South Korea. Read the press release here →
  • In order to help businesses meet the EU’s General Data Protection Regulation requirements, the state commissioner for data protection and freedom of information in Baden-Württemberg has published a code of conduct for data controllers. Access here → (in German)
  • Five developing technologies and their effects on data protection and privacy were the subjects of a brief report issued by the European Data Protection Supervisor (EDPS). These innovations include:
    • Smart Vaccination Certificate
    • Synthetic Data
    • Central Bank Digital Currency
    • Just Walk Out Technology
    • Biometric Continuous Authentication
    • Digital Therapeutics

2) Notable Case Law

  • After learning of potential data protection violations, the Spanish Data Protection Authority (AEPD) opened an inquiry against BURWEBS S.L. Read about the decision here → (in Spanish)
  • The Belgian Data Protection Authority (APD) issued a ruling in a matter regarding whether the controller could retain the request and the subject’s name after the data subject requested that his or her personal information be deleted. The Authority’s summary can be found here → (in French)
  • The Austrian Federal Administrative Court (FAO) confirmed the Austrian Data Protection Authority’s (DSB) legal opinion that data used for advertising (which statistically determined probability values attributed to a person by the controller) are data of a special category under Article 9 of the General Data Protection Regulation (GDPR). Reported here → (in German)

3) New and Upcoming Legislation

  • The Czech Presidency of the Council of the European Union has published a revised draft of the proposed Cyber Resilience Act, legislation that would enact cyber security rules for connected devices and related services. National limits on digital products, particularly those linked to national security, are not prohibited by the EU. Reported here →
  • The implementation of the AI regulation is addressed in a new compromise text that MEPs Dragoş Tudorache and Brando Benifei shared. The AI Act aims to put artificial intelligence on the basis of risk and growth. The compromise language gives the national supervisory body the authority to, under certain conditions, conduct unannounced on-site and remote inspections, collect samples of high-risk systems, and gather proof of non-compliance. Read more here →

4) Strong Impact Tech

  • Facebook, owned by Meta, has been demanded to stop collecting personal data for the purpose of marketing and advertising after a lawsuit was launched in the High Court of England and Wales. Reported here on our blog →
  • The Markup has found that major tax preparation companies, including H&R Block, TaxAct, and TaxSlayer, have been covertly sending private financial data to Facebook when Americans file their taxes online. Read more here →

Other key information from the past weeks

  • A preliminary announcement from the European Commission in response to the White House’s recent executive order linked to EU-U.S. data transfers is expected during the first half of next month, according to two individuals with knowledge of the matter.

👍 Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.