Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #26)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

  • The Spanish Data Protection Authority published a blog post on the differences between anonymised and pseudonymised personal data, and their legal implications. Read it here → (in Spanish)
  • The United Kingdom’s Information Commissioner’s Office (ICO) is organising a conference on the U.K.’s Age Appropriate Design Code, on October 20th. The conference is aimed at product teams. More information here →
  • The ICO has also submitted its comments to the UK Government’s open consultation on reforms to the current data protection regime. Read the comments here →
  • The Canadian Information and Privacy Commissioner has opened a public consultation on guidance concerning the police’s use of facial recognition tools. View the guidance (still open for consultation) →
  • The South Korean Data Protection Authority has issued guidance on the launch of an Agency dedicated to pseudonymised data. Read the press release here →
  • The Data Protection Authority of Hong Kong has issued an FAQ on the new EU Standard Contractual Clauses. Learn more here →

2) Notable Case Law

  • The Italian Data Protection Authority (Garante) has issued a fine against a company for contacting LinkedIn users without a proper legal basis. The fact that the user had a public profile did not suffice to justify sending messages to sell services and products. Read a summary of the decision here →
  • The Spanish Data Protection Authority (AEPD) has issued a fine against a telecommunications company for making direct marketing telephone calls and text messages without the data subject’s consent. The data subject had not previously been a client of the company, nor had they directly consented to receiving marketing. The company was fined €30,000. Read the decision here →

3) New and Upcoming Legislation

  • Italy – A decree was passed to amend the Personal Data Protection Code with regards to processing personal data by the public administration for the public interest. Access the decree here →
  • US (California)Two Bills were signed by the governor to amend the CCPA. With the first Bill, the CCPA was modified to describe how data breaches should be notified. Genetic data was also added to the definition of personal data. With the second Bill, the definition section was extended, to for example state that: Advertising and marketing” means a communication by a business or a person acting on the business’ behalf in any medium intended to induce a consumer to obtain goods, services, or employment“. Access the first Bill here → and the second here →
  • India – Amendments to the Personal Data Protection Bill are expected to be discussed by the Committee in charge on October, 20th 2021.

4) Strong Impact Tech

Other key information from the past weeks

  • In Germany, the Baden-Württemberg Data Protection Authority has modified its FAQ guidance on International Transfers, to include examples referring to the new Standard Contractual Clauses (SCCs).
  • The European Council has agreed on a negotiating mandate for the Digital Governance Act.

👍 Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.