Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #86)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

  • The European Data Protection Supervisor (EDPS) and the European Union Agency for Cyber Security have signed a Memorandum of Understanding to establish strategic cooperation on data protection and cyber security. The two organizations described the Memorandum as a collaboration to “design, develop, and deliver” awareness-raising initiatives and coordinated cooperation on “cybersecurity aspects of data protection.” Read here →
  • Regarding the proposed EU-US data privacy framework, the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has released his thoughts. Access here → (In German)
  • Instruction regarding the transfer and/or sale of client files was published by the French Data Protection Authority (CNIL). Read here → (In French)
  • The Information Commissioner’s Office (ICO) and Ofcom, the communications regulator, released a joint statement on their coordinated approaches to data protection and online safety. Read the statement here →

2) Notable Case Law

  • Following an investigation into data scraping, the Irish Data Protection Commission (DPC) announced the publication of the final decision in which it fined Meta Platforms Ireland Limited, acting as a data controller of the social media network Facebook, €265 million and issued a reprimand and corrective actions for violations of Articles 25(1) and 25(2) of the General Data Protection Regulation (GDPR). The Authority’s decision can be found here →
  • In connection with signing a contract for telephone services, the Italian Data Protection Authority (Garante Privacy) fined Vodafone €500.00 for contravening the GDPR’s principle of fairness and transparency. Access the decision here →
  • The Italian Data Protection Authority (Garante Privacy) fined Douglas €1.4 million for improperly storing the data of almost 3 million clients without their permission. Read here → (In Italian)
  • The French Data Protection Authority (CNIL) launched an investigation after receiving several complaints and fined the electric utility firm EDF €600.000 for numerous data protection violations related to commercial prospecting. Read the official summary here →

3) New and Upcoming Legislation

  • The Council enacted the NIS2 Directive, legislation for a high uniform level of cybersecurity across the Union, to increase the resilience and incident response capacities of the public and private sectors and the EU as a whole. Access the press release here →
  • According to CNBC, a letter to US Senate senators was sent by more than 90 civil society advocacy organizations opposing the adoption of the proposed Kids Online Safety Act. Read here →
  • The “Privacy Legislation Amendment Bill 2022,” which changes the Privacy Act 1988, has received final approval from the Australian Parliament. Access the new Bill and more information on our blog →

4) Strong Impact Tech

  • The Data Protection Authority (DPC) of Ireland has requested information from Twitter on a data scraping incident that resulted in the online disclosure of millions of Twitter users’ profile information, including emails and phone numbers. Reported here →
  • In connection with a lawsuit alleging copyright violations from a Teach, the Delhi High Court issued an order that Telegram complied with. The teacher who filed the lawsuit said that several Telegram channels were reselling her study materials at a discount without her consent. Read about this here →

Other key information from the past weeks

  • Since leaving the European Union, the UK has made its first adequacy decision. The Department for Digital, Culture, Media, and Sport (DCMS) revealed the conclusion of the UK’s adequacy decision regarding South Korea.
  • Facebook, owned by Meta, has been demanded to stop collecting personal data for the purpose of marketing and advertising after a lawsuit was launched in the High Court of England and Wales.
  • The Belgian Data Protection Authority (APD) issued a ruling in a matter regarding whether the controller could retain the request and the subject’s name after the data subject requested that his or her personal information be deleted

👍 Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.