Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #122)

DPO Newsletter: Global Data Protection & Privacy News

To respect your inbox and ensure you receive only essential updates, we’re shifting from weekly to a monthly publication.

Rest assured, our commitment to keeping you informed on vital data protection and privacy matters remains steadfast. For time-sensitive news, we’ll still reach out sporadically.

1) Newly Published Documentation

  • The U.K. Information Commissioner’s Office (ICO) and the Competition and Markets Authority have jointly issued a position paper which highlights harmful designs in the digital market. These practices include lack of equal prominence of “accept” and “reject” buttons and granular choices, among others. The ICO intends to clamp down on these practices and take “enforcement action where necessary to protect people’s data protection rights”. Read here →
  • Finland’s Office of the Data Protection Ombudsman has issued a temporary order and Norway’s data protection authority, Datatilsynet, has issued a decision against Yango taxi service banning the transfer of customer data to Russia. Finland’s temporary suspension and Norway’s decision preempt the coming into force of “a new Russian law that will allow security services to obtain passenger data” as from September 1, 2023.
  • Further to the amendments to the California Consumer Privacy Act pursuant to the California Privacy Rights Act (CCPA as amended by the CPRA), the California Privacy Protection Agency has been granted an adequacy decision by the Dubai International Financial Centre (DIFC). Press release here →

2) Notable Case Law

  • The Spanish data protection authority (AEPD) imposed a fine of €90,000 on Masluz Energy Power SL for carrying out data processing activities without a legal basis to do so, further to telemarketing promoting better electricity rates. The AEPD also noted that the complainant’s consent to carry out the changes to the electrical provision was not proven. Read about the decision here → (in Spanish)
  • The Provincial Administrative Court in Warsaw upheld the Polish data protection authority‘s (UODO) decision to impose a fine of PLN 16,000 (approximately €3,600) on Esselmann Technika Pojazdowa for failure to report a data breach concerning the loss of an employee’s personal data. The court highlighted that on discovering a data breach, the controller has the obligation to immediately (within a maximum of 72 hours) notify UODO. Press release here → (in Polish)

3) New and Upcoming Legislation

  • The Presidency of the European Council has released a document which outlines the progress of the negotiations between the European Commission, the Council and the European Parliament in relation to the draft AI Act.
  • The Hill has reported that the US State of Georgia is keen to raise a bill concerning children’s online safety. Inspiration is drawn from the bill passed in Louisiana earlier this year and aims to address both age verification concerns and the requirement for parental consent when accessing social media platforms. Full story here →

4) Strong Impact Tech

  • Zoom, the globally renowned video conferencing platform, recently updated its terms of service. The modifications, at first glance, hinted that Zoom could use AI to analyze audio, facial movements, and even private conversations without any restraints. Read more here on iubenda →
  • A potential US$5 billion lawsuit may be heard before the U.S. District Court for the Northern District of California in relation to alleged user tracking in Google’s private mode. The lawsuit relates to 2020 claims where despite the use of incognito settings, it was discovered that “Google’s cookies, analytics, and tools continued tracking users.Full story on our blog →

Other key information from the past weeks

  • France’s CNIL has issued an opinion regarding two decrees concerning parental control standards for internet access.
  • The Guardian has reported that Google plans to update its policies and launch privacy tools which remove explicit personal images from web search engines.
  • The Irish DPC started an inquiry into TikTok’s data processing for users aged 13-17 and children under 13.

👍 Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.