Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #44)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

  • The UK’s Information Commissioner’s Office (ICO) has published updated guidance on pseudonymization this month, February 2022, which is part of the more general “Draft on anonymization, pseudonymization, and privacy enhancing technologies guidance.” Access the draft here →
  • The EU Commission has released a new study on monitoring the volume of data flowing to main cloud infrastructures across the 27 Member States, Iceland, Norway, Switzerland, and the UK. Read the full study here →

2) Notable Case Law

  • The French Data Protection Authority (CNIL) has decided that the transfers of data collected through the Google Analytics service are illegal. The CNIL has ordered a French website manager to comply with the GDPR and, if necessary, to stop using this service under the current conditions. Read about the decision here →
  • The Spanish DPA (AEPD) imposed a fine of €2.000.000 on Amazon Road Transport Spain for illegally collecting employee data related to criminal offences. However, the Authority found that the international transfer of personal data carried out by Amazon is compliant with Article 49 (1) of the GDPR.
  • CaixaBank Payments & Consumer EFC EP SA have also received a penalty of €3.000.000 from the AEPD in relation to the lack of specific and informed consent for the automated profiling and decision-making carried out by the controller for commercial purposes. (Decisions in Spanish)

3) New and Upcoming Legislation

  • EU Commission – Progress in the discussion on the “AI Act.” The first draft of the EU Parliament report on the matter should be available next April. Read more here →
  • Brazil – The Brazilian National Congress has approved a constitutional amendment making personal data protection a fundamental right. See the amendment here → (in Portuguese-Brazilian)

4) Strong Impact Tech

  • IAB Europe announced that it will appeal the Belgian Data Protection Authority (APD) ruling regarding IAB Europe and the Transparency & Consent Framework (TCF) to the Belgian Market Court. Full details here →
  • The Oversight Board of Meta has recommended in its policy advisory opinion that sharing of private residential information should not be allowed even when the data is publicly available. Click here for the full article →

Other key information from the past weeks

  • The Italian DPA (Garante Privacy) published its Inspection Plan for the first half of 2022. The inspection activity of the Garante will focus on the processes that concern, among others, database providers for telemarketing activities and platforms and websites regarding the correct management of cookies.
  • The First Code of Conduct for Data Protection in Cloud Infrastructure goes live.

👍 Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.