Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #42)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

  • The European Data Protection Board (EDPB) announced that it has published its 01/2022 Guidelines on the Right of Access. The EDPB stated that the guidelines aim to analyze different aspects of the right of access and provide more precise guidance on how it should be implemented in different situations. The guidelines will be subject to public consultation from January 28 to March 11, 2022. Access the full article here →

2) Notable Case Law

  • The Polish Data Protection Authority imposed a fine of PLN 45,000 (approximately €9,900) on Warsaw University of Technology for failing to implement appropriate technical and organizational measures to ensure the security of the personal data processed. An unauthorized person downloaded a database containing the personal data of students and teachers (more than 5 thousand people) from the resources of the controller’s computer network. Read the decision here (in Polish) →
  • The Deputy Data Protection Ombudsman issued a reprimand to Vastaamo psychotherapy centre for violating the GDPR and imposed an administrative fine of €68,000.00 on the company. Vastaamo had notified the Data Protection Ombudsman of an attack on its patient database in September 2020. Based on a technical investigation, the Authority found that the company had become aware that patient data was missing and may have ended up in the possession of an external attacker as early as March 2019. Full details here →
  • The Munich regional court fined a website operator for the transfer of users’ personal data, in particular, IP address to Google Fonts without the individuals’ consent in violation of the GDPR. Read the decision in German here → 
  • The Belgian Data Protection Authority published a decision concerning the use of cookies/trackers in which it reiterates the best practices for cookie compliance. Read the decision here → 

3) New and Upcoming Legislation

  • The UK – The UK government has announced the launch of the International Council of Experts on Data Transfer to address issues such as future data adequacy partnerships, the development of new data transfer tools, and how governments can work together to promote greater trust in sharing personal data for law enforcement and national security. The government has already outlined the first territories it will prioritize for its data adequacy decisions. Read the decision here →
  • The United States- Indiana’s Senate Commerce & Technology Committee voted 10-0 to advance Senate Bill 358 out of committee with a favourable recommendation. An amendment was proposed that changed the framework of the bill to mirror the Virginia Consumer Data Protection Act rather than the framework of the EU General Data Protection Regulation proposed in its original bill. Read the full article here →
  • The Eastern Caribbean States – Consulting Services begin the data protection legislation drafting process. The Organisation is using funding from the World Bank toward a consulting firm to draft “harmonized data protection legislation” in the Eastern Caribbean Currency Union. The OECS invites eligible consultants to express interest.

4) Strong Impact Tech

Other key information from the past weeks

  • The Italian Data Protection Authority (the Garante) has issued a 26.5 million euros fine and several orders to comply with an electricity and gas distributor.
  • The United Kingdom’s Data Protection Authority (the ICO) has released a statement on end-to-end encryption in response to the ongoing campaign #NoPlaceToHide.
  • In the United States, several attorney generals from different States are jointly suing Google over their alleged use of dark patterns.

👍 Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.