Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #45)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

  • In February 2022, the UK launched the International Data Transfer Agreement (IDTA) as a compliance tool for data exporters performing restricted transfers. The IDTA and the Addendum to the European Commission’s Standard Contractual Clauses (SCCs) for international data transfers will take effect on March 21, 2022, and will replace the present SCCs. Read full details here →
  • The Spanish DPA (AEPD) has published a checklist to assist in the performance of Data Protection Impact Assessments (DPIA). The list helps those carrying out the assessments to ensure that all required elements are included in the DPIA. Access the checklist here → (in Spanish)
  • The Irish DPA (DPC) has published guidelines for organizations on carrying out Data Protection Impact Assessments (DPIA). The DPIA process will assist in making well-informed decisions on the acceptability of data protection risks. See the benefits of conducting a DPIA here →

2) Notable Case Law

  • Due to cookie-related violations, significant fines of EUR 60 million and EUR 150 million were imposed on Facebook Ireland Limited and Google LLC and Google Ireland Limited. In particular, one website offered a one-click mechanism to accept the cookies and required several clicks to refuse them. Read the report here → (in Italian)

3) New and Upcoming Legislation

  • India – The Indian Personal Data Protection Bill of 2019 may be replaced by a completely new privacy bill in the upcoming months. See full details here →

4) Strong Impact Tech

  • After a decade-long lawsuit, Facebook has agreed to pay $90 million to resolve a privacy complaint accusing it of tracking users’ online behavior even after they have signed out of the social networking platform. Read the decision here →
  • Google will stop cross-app tracking on Android phones. Access the article here →

Other key information from the past weeks

  • Under the Coordinated Enforcement Framework of the European Data Protection Board (EDPB), 22 national DPAs have launched an investigation on the public sector’s use of the cloud.
  • The Office of the Privacy Commissioner of Canada published guidelines for manufacturers of Internet of Things devices on the privacy-related aspects.

👍 Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.