Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #120)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

  • The Norwegian data protection authority, Datatilsynet, has issued guidance on website analytics and tracking which includes but is not limited to: the maintenance of compliance with the GDPR, minimization of data collection and the avoidance of personal data flow to unsafe third countries.
  • The European Commission has announced the formation of a new alliance designated as “EU-LAC Digital Alliance” which it has entered into with the Caribbean and Latin American nations. Read here →
  • France’s CNIL has requested the public to provide comments on its draft recommendation on mobile apps until the October 8, 2023, following which the CNIL will examine the public participation and launch the finalized version of the recommendation. Access here → (In French)

2) Notable Case Law

  • In response to the case brought against Meta by the Australian Competition and Consumer Commission (ACCC) regarding deceptive data collection practices, the Australian Federal Court has imposed a collective fine of AUD 20 million on both entities. Read about the decision →
  • Norway’s Datatilsynet issued a decision on Google Analytics against the telecommunication company Telenor ASA in relation to its website, telenor.com. Datatilsynet concluded that “when the website used Google Analytics, personal data was transferred to the United States in violation of the rules.” It therefore issued a reprimand to this effect. Press Release → (In Norwegian)
  • Italy’s Garante fined Ew Business Machines S.p.A. (Ew) €20,000 for unlawful remote monitoring of employees further to a complaint filed by an individual. The Authority’s summary can be found here → (In Italian)
  • Further to the preliminary study into Meta’s new social network, Threads, Brazil’s Autoridade Nacional de Proteção de Dados (ANPD), has now opened an investigation. Read here → (In Portuguese)

3) New and Upcoming Legislation

US law updates:

  • Federal: The U.S. Senate Committee on Commerce, Science, and Transportation has approved Senate Bill 3663 which addresses the Kids Online Safety Act and Senate Bill 1628 concerning Children and Teens’ Online Privacy Protection Act, which would extend protection to minors aged up to 16 years of age. Press Release →
  • California: The California Consumer Protection Agency (CPPA) has clarified the steps required in the administrative enforcement process.
  • Oregon: House Bill 2052 concerning the registration of entities as data brokers was signed by the Governor.

4) Strong Impact Tech

  • France’s competition authority, L’AutoritĂ© de la Concurrence, informed Apple Group of an issue concerning its App Tracking Transparency framework. Reported here → (In French)
  • The Guardian has reported that the proposed surveillance changes in the U.K.’s Investigatory Powers Act of 2016, may prompt Apple to withdraw its iMessage and FaceTime services from the U.K. Read more on our blog →

Other key information from the past weeks

  • WhatsApp has updated its privacy policy by switching to the “legitimate interest” legal basis following the Irish Data Protection Commissioner’s sanction in January, where it was fined €5.5 million.
  • NOYB has now started a campaign against several Belgian news outlets, including among others RTL Belgium, the public service broadcaster VRT, newspapers Het Laatste Nieuws and L’Avenir.
  • The EDPB has adopted an information note for both individuals and entities carrying out data transfers to the U.S., which clarifies that no supplementary measures are required for transfers based on the adequacy decision.

đź‘Ť Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.