Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #30)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

  • The Data Protection Authority for Luxembourg has updated its cookie guidance to expand on and give examples about necessary and non-necessary cookies, as well as dark patterns. Access the guidance here → (in French)
  • The Irish Data Protection Authority has posted a guidance on their website about checking vaccine certificates. Learn more here →
  • The Danish Data Protection Authority has made available a guidance for data controllers on managing data processors. Read it here →
  • The German Federal Cartel Agency has published an interim report on its investigation on messaging and video services. It presents which data the services generally collect and what the effects of interoperability would be. Full details here →

2) Notable Case Law

  • The Data Protection Authority for Luxembourg (the CNPD) has decided against a company for the non-compliant use of video cameras at the workplace and of geolocalisation tools in the employee’s cars. The Authority made an injunction for the company to inform employees individually of the data processing, its legal basis and their data subject rights. It also requested that non-employees visiting the workplace be informed. Read the decision here → (in French)
  • The Irish Data Protection Authority has issued a fine against a charity, on the basis that it had failed to implement the appropriate technical and organisational measures to ensure a level of security for high-risk data. Indeed, the organisation had made recordings of participants which could identify them. Read the decision here →
  • The Dutch Data Protection Authority has fined the Dutch Tax and Customs Administration, notably for processing personal data without the necessary legal basis, accuracy, purpose specifications, or storage limitation. It was also underlined that the Data Protection Officer had not been sufficiently involved. Read the decision here →

3) New and Upcoming Legislation

  • Hong Kong – The amended Personal Data (Privacy) Ordinance 2021 was detailed in the Privacy Commissioner for Personal Data’s newsletter. Applicable since the 8th of October 2021, the Ordinance increases the Authority’s powers to conduct criminal investigations into doxxing offences and makes disclosing personal without consent data a two-tier offence. Read the newsletter’s summary here →
  • Australia – A 217 pages-long discussion paper on the Privacy Act and potential changes to it has been published. It for example suggests limitations to the scope of consent. It is open for comments until 10th of January 2022. Read the paper here →
  • United States – After the Digital Accountability and Transparency to Advance Privacy Act was reintroduced last week, senators also introduced the Protecting Sensitive Personal Data Act. The emphasis of this Bill is on expanding the powers of the U.S. Department of the Treasury’s Committee on Foreign Investment, to notably allow them to request privacy declarations from foreign companies investing in the US. Read the Bill here →
  • Brazil – The Brazilian Data Protection Authority (the Autoridade Nacional de Proteção de Dados) has joined the Global Privacy Enforcement Network. The Network was created following OECD Recommendations and aims to facilitate cross-border enforcement and cooperation of privacy laws. Read the Authority’s press release → (available in Portuguese)

4) Strong Impact Tech

  • Facebook has declared that it would delete the faceprints to which about one billion of its users had opted into. The faceprints automatically recognised people in photos and were for instance used to authenticate users. However, they caused strong privacy concerns. Read the company’s blog post on the topic here →
  • Firefox is implementing a Global Privacy Control on its browser, which aims to enable people to exercise their right to opt-out under the CCPA and CPRA. Previously, several other browsers have built similar tools, for example, Privacy Badger or Brave. Firefox’s press release is here →

Other key information from the past weeks

  • Two UN agencies have launched the Data Disclosure Framework, for international service providers responding to data requests from foreign criminal justice authorities.
  • The General Privacy Assembly has adopted draft resolutions on Data Sharing for the public good, children’s digital rights, government access to data and the future of the Global Privacy Assembly.

👍 Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.