Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #32)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

  • The French Data Protection Authority (the CNIL) has issued recommendations on storing log data. Read here →
  • In March 2022, the Office of the Privacy Commissioner of Canada is to launch a consultation linked to a federal privacy law reform, in accordance with Bill to reform Canada’s federal private sector privacy law (Bill C-11). Read the press release →
  • The European Data Protection Board (EDPB) has opened a consultation on the draft Guidelines on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR, setting a list of criteria to define data transfers. Read the draft →
  • The EDPB has also published a statement on the Digital Services Package and Data Strategy. Read here →

2) Notable Case Law

  • The French, Polish and Lithuanian Data Protection Authorities have launched an investigation into the company Vinted, notably on the principles of data minimisation and on the retention periods. Read the EDPB case summary →
  • The Polish Data Protection Authority (UODO) issued a fine against a bank for insufficiently responding to a data breach they suffered from. The Authority also took into account the bank’s lack of cooperation. Read the EDPB case summary →
  • The Spanish Data Protection Authority (the AEPD) has issued a 2,000 euro fine against a company for failing to provide information about the personal data they processed. Several aggravating factors were taken into account, notably the lack of cooperation with the AEPD. Read the case here →

3) New and Upcoming Legislation

  • European Union – The European Parliament’s Committee on the Internal Market and Consumer Protection (IMCO) has adopted the proposal for the Digital Market Act. This Act would regulate companies considered to be “gatekeepers”. Read the Parliament’s press release here →
  • India – The Personal Data Protection Bill is to be voted on during the Parliament’s Winter Session, starting at the end of November.
  • UK – The consultation period on the UK’s “Data: a new direction” expired November 19th, 2021.

4) Strong Impact Tech

Other key information from the past weeks

  • The AEPD has issued a 5,000 euro fine against a company for sending marketing emails without obtaining the recipient’s prior consent.
  • Bitcoin has updated its Taproot code, which arguably improves the network’s privacy and security.

👍 Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.