Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #99)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

  • The EDPB has adopted its opinion on the European Commission’s draft adequacy decision regarding the EU-US Data Privacy Framework (DPF). The DPF is meant to replace the Privacy Shield which was invalidated by the CJEU in the Schrems II judgment and is applicable to U.S. organizations which have self-certified and fall within the jurisdiction of the Federal Trade Commission or the Department of Transportation. Read on our blog here →
  • NOYB has filed a series of complaints against websites and data brokers that did not correctly address access requests using cookies as an authentication factor. Read here →
  • “Privacy by design and privacy by default” guide has been published by the Spanish autonomous region of Catalonia’s DPA, with the aim “to enable developers, and controllers who commission them to develop applications, to identify the different important elements for personal data protection, and the steps that can be taken to deal with it right from the moment of design.” Access here →

2) Notable Case Law

  • The German Federal Cartel Office published Procurement Chamber Decision No. VK2-114/22. The decision concerned the potential exclusion of a bid made by a German data processor which is a subsidiary of a US parent company, on the grounds of GDPR violations in association with unlawful data transfers to the US.
  • Datatilsynet is currently investigating Telenor Group’s website telenor.com, and its previous use of Google Analytics. The investigation comes after a general complaint lodged by NOYB which holds that websites using Google Analytics and consequently transferring personal data out of the EEA, are in violation of the GDPR. Is Google Analytics illegal in Europe? What you need to know →
  • TV2 MĂ©dia Csoport Zrt (TV2), which operates two websites, was fined the equivalent of approximately 25,000 euros by the Hungarian Supervisory Authority for failure to maintain legal compliance of its cookie consent management framework. Read about the decision here →
  • The US Federal Trade Commission issued a proposed order banning the BetterHelp organization from revealing consumers’ data, including sensitive mental health information, to social media giant Facebook and other entities for targeted advertising. BetterHelp was ordered to pay a $7.8 million fine for deceiving consumers after promising to keep sensitive personal data private. Reported here →

3) New and Upcoming Legislation

  • UK: The House of Commons has introduced the Data Protection and Digital Information (No. 2) Bill which intends to regulate among others the processing of information of identifiable individuals including their biometric data, accessing privacy and electronic communications.
  • Kentucky: Senate Bill No. 15 on consumer data privacy has moved forward and was referred to the Rules Committee with amendments.
  • Texas: House Bill No. 18 which relates to the protection of minors from harmful, deceptive, or unfair trade practices in connection with the use of certain digital services was read for the first time and referred to the House Youth Healthy and Safety Committee.
  • US Senate: The Parental Data Rights Act was introduced pursuant to a bill “To permit parents to bring a civil action against social media companies that fail to provide parental access and data control rights with respect to the social media accounts of minor children, and for other purposes” by U.S. Senator for Missouri. Read here →
  • California: A joint letter was sent to the U.S. Congress by the Governor of California, the California Attorney General, and the Executive Director of the California Privacy Protection Agency, opposing the pre-emption provisions in the American Data Privacy and Protection Act. Press Release →

4) Strong Impact Tech

  • The BfDi has published FAQs in relation to the TrustPID platform, which is currently under construction. The platform may be seen as an alternative to the widespread personalized advertising based on third-party cookies, and it is intended to recognize users pursuant to their IP address. Press release →
  • Canada follows suit of its European and American counterparts and announces a ban on the use of TikTok on government mobile devices. Reported here →

Other key information from the past weeks

  • The EDPB has published 3 new guidelines. The guidelines offer designers and social media users recommendations on how to avoid deceptive design patterns.
  • The Brazilian Data Protection Authority (ANPD) published regulations for the application of administrative sanctions, which will empower the ANPD to give sanctions for non-compliance with the General Data Protection Law.
  • The Australian government has agreed to significant metadata reform. The Mandatory Data Retention Regime helps law enforcement and intelligence services immensely, yet it lacks openness and sufficient protections.

đź‘Ť Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.