Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #6)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

  • The European Data Protection Board (EDPB) has adopted two Opinions on the first transnational Code of Conduct. Read the EDPB press release here →
  • The Italian Data Protection Authority (the Garante) has issued Guidelines and FAQs clarifying the role of the Data Protection Officer. Read the official press release here → (available in Italian)
  • The Spanish Data Protection Authority (the AEPD) has issued Guidelines on Data Protection in Labour Relations and on Data Breach notifications. (available in Spanish)
  • The Brazilian Chamber of Deputies (the ANPD) has published a technical report on the impact of data breaches, notably clarifying the country’s Data Protection Authority (the ANPD)’s role. Read the report here → (available in Portuguese)

2) Notable Case Law

  • The UK Data Protection Authority (the ICO) issued a £90,000 fine to American Express Services Europe for sending marketing emails to customers who had opted-out from them. Read the ICO’s summary here →
  • The French Data Protection Authority (the CNIL) has concluded its first investigations into compliance with the existing cookie legislation, including the Cookie Guidelines and Recommendations. As a result of this investigation, the CNIL found that about twenty organizations did not allow data subjects to reject cookies as easily as accepting them, and therefore asked them to comply within a month’s time. Read our post on the French cookie consent requirements here →
  • The Italian Garante found that the law decree (of 22 April 2021, no.52) does not represent a valid legal basis for the introduction and use of green certification for Covid-19 at a national level, and was contrary to the GDPR. More on the decision here → (available in Italian)

3) New and Upcoming Legislation

4) Strong Impact Tech

Other Key information from the past weeks:

  • The Irish High Court has dismissed Facebook’s procedural complaint against the Irish Data Protection Authority’s preliminary order to suspend the company’s data transfers from the EU to the US.
  • Google Play is introducing a “safety section”, requiring app developers to visibly indicate what data their app collects and stores, as well as how it is processed.

📬 Want more news like this delivered to your inbox? Join the list @ dponewsletter.com

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.