Iubenda logo
Start generating


Table of Contents

DPO Newsletter: Data Protection & Privacy News (issue #76)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

Announcement from Politico:

“White House executive order on transatlantic data transfers expected next week, possibly Oct. 3. That means new Privacy Shield deal likely by March 2023”. Reported here →

1) Newly Published Documentation

  • Following the national Data Protection Authorities of Austria, France, and Italy, the Danish DPA (Datatilsynet) is the latest EU Authority to express its opinion on Google Analytics in a statement published on September 21, 2022. Datatilsynet stated that Google Analytics could not be used lawfully “in its current form without implementing supplementary measures”, a view that represents a “pan-European position among the supervisory authorities”. Read the press release here →
  • The French Data Protection Authority (CNIL) released a document about online age verification. The main types of age verification systems are analyzed in the document to clarify CNIL’s position on age verification on the Internet. It specifies how publishers could fulfill their legal obligations. Access here →
  • The non-binding opinion of the Advocate General of the EU Court of Justice, published on 20 September 2022, might open the door for antitrust watchdogs to assess compliance with data protection rules in future investigations. Read here →

2) Notable Case Law

  • Two class-action lawsuits have been launched against Meta on behalf of Apple iOS users for allegedly bypassing their privacy preferences. The complaints are based on data from former Google employee Felix Krause, who claims Meta attempted to recoup lost advertising revenue by adding a tracking code on external websites visited by their users while using the in-app browser for Facebook or Instagram. Reported here →
  • TikTok might face a £27 million fine following an ICO investigation that discovered the company may have violated UK data protection law by failing to protect children’s privacy when using the TikTok platform. For more information on this story, see our blog here →
  • The Italian Data Protection Authority (Garante Privacy) imposed a €70,000 fine on Unicredit S.p.A. following a complaint that alleged the failure of the company to reply to an access request forwarded by one of its employees. Reported here → (in Italian)
  • The Polish Data Protection Authority fined the Surveyor General of Poland PLN 60,000.00 due to the failure to notify a personal data breach. More information here →

3) New and Upcoming Legislation

  • The Washington Post reported that it would moderate a conversation on September 29 between U.S. House Committee on Energy and Commerce Chair Frank Pallone and Ranking Member Cathy McMorris Rodgers regarding the proposed American Data Privacy and Protection Act (ADPPA). Reported here →
  • During its open meeting on September 23, 2022, the California Privacy Protection Agency delivered an update on the California Privacy Rights Act rulemaking process. Read here →

4) Strong Impact Tech

  • Revolut, a startup, has acknowledged that it was the victim of a targeted cyberattack that allowed hackers to access the personal information of tens of thousands of clients. Reported here →
  • American Airlines recently announced to a certain amount of account holders and employees that it was the victim of a cybersecurity attack in July 2022 and that it is doing all it can to prevent a similar incident in the future. Read here →
  • Australia’s second-largest telco, Optus, has suffered a massive data breach, with the personal information of potentially millions of customers compromised by a malicious cyber-attack. Access more here →

👍 Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.