Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #116)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

  • The implementation of executive order 14086 concerning the EU-U.S. Data Privacy Framework has been completed as confirmed by the U.S. Department of Justice and the Office of the U.S. National Intelligence Director (ODNI). EU and EEA member states have been designated with the possibility to file for redress under the proposed Data Protection Review court and ODNI has released the policies and procedures that will be applicable to the U.S. intelligence community. Press Release →
  • The Swiss Federal Data Protection and Information Commissioner has published it’s 30th Annual Report which covers the period between April 1, 2022, and March 31, 2023, for the section on data protection and 1 January to 31 December 2022 for the section concerning freedom of information. Press Release →
  • The United Kingdom and Singapore have signed two Memoranda of Understanding, one concerning emerging technologies and the other relating to data cooperation. Access here →
  • Brazil’s data protection authority, the Autoridade Nacional de Proteção de Dados, has published a guidance note on data processing activities in relation to academic purposes. See the guidance here → (In Portuguese)

2) Notable Case Law

  • The Swedish Authority for Privacy Protection (IMY) has ordered the companies CDON AB, Coop Sverige, Dagens Industri and Tele2 Sverige to stop using Google Analytics. Two of the companies were slapped with fines of SEK 12 million and SEK 300,000 respectively. Read the full story on our blog →
  • IMY fined Bonnier News AB (which now goes by the name Expressen Lifestyle AB) SEK 13 million (approx. €1.1 million) for processing personal data without the correct legal basis in violation of Article 6(1) of the GDPR. Press release → (In Swedish)
  • Further to the €1.2 billion fine issued against Meta by the Irish Data Protection Commission (DPC) on May 22, 2023, the Irish Times reported that the Irish High Court has granted Meta a stay to the five-month period to cease all EU data transfers to the US pursuant to the Irish DPC’s order. Read about the decision here →
  • Italy’s Data Protection Authority (Garante) fined Benetton Group €240,000 for violating data protection principles and security requirements in terms of Articles 5 and 32 of the GDPR. The Authority’s summary can be found here → (In Italian)
  • The U.S. Department of Justice together with the Federal Trade Commission have announced a permanent injunction and a $6 million civil penalty against education technology provider Edmodo who was allegedly collecting information on children aged under 13 years of age without parental consent in violation of COPPA Rules. Read here →

3) New and Upcoming Legislation

  • Pursuant to a “last-minute” amendment to the “Courts and Civil Law (Miscellaneous Provisions) Bill 2022” the Irish Minister for Justice has now sponsored the addition of a new section 26A which, if passed, would allow the Irish Data Protection Commission to declare practically all of its procedures “confidential”.
  • The proposed European Data Act has resulted in an agreement between the European Parliament and the Council regarding fair access and utilization of data. Read here →
  • US law updates

4) Strong Impact Tech

  • The MediaPost has reported upon Meta’s latest feature across all its social media apps which grants parental controls tools, thereby allowing parents to for instance see how much time their teens are spending on Messenger or receiving updates whenever news contacts are added. Reported here →
  • The Washington Post has reported that a class-action lawsuit has been filed against OpenAI by San Francisco based law firm, Clarkson which alleges that the ChatGPT chatbot incorrectly used people’s data and carried out copyright and privacy violations when users’ internet data, including social media comments and blog posts, were scraped to train its algorithms. Read the story here →

Other key information from the past weeks

  • The French company Criteo which specializes in ad-tracking activities concerning “behavioral retargeting”, was fined €40 million by the French data protection authority CNIL.
  • Tech radar has reported that the Singapore-based cybersecurity firm Group-IB has indicated that over 100,000 ChatGPT accounts have been stolen and thereafter sold on the dark web.
  • The EDPB has adopted a template complaint form together with a final version of recommendations “on the application for approval and on the elements and principles to be found” in the Controller Binding Corporate Rules.

đź‘Ť Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.