Issue 137


  • Hellenic data protection authority issued a fine of EUR 20 million on Clearview AI for GDPR violations.
  • Danish DPA ordered the Municipality of Helsingor to stop using Google Chromebooks and Workspace over GDPR violation.
  • French data watchdog ordered 22 communes to appoint a data protection officer
  • European Data Protection Board adopted the criteria to assess if cross-border cases are of ‘strategic importance’.
  • Berlin DPA began examining data processing contracts offered by web hosts over reports of incompatibility with the GDPR.
  • European Central Bank highlighted the protection of privacy as a key principle for the success of the digital euro.


  • US attorney generals urged the U.S. Congress to adopt a federal legal framework for privacy.
  • U.S. House Committee on Energy and Commerce released amendments to the American Data Privacy and Protection Act.
  • The Chair of the Federal Communications Commission began an inquiry into the privacy policies and practices of mobile carriers.
  • Google plans to abide by the Global Cross-Border Privacy Rules system.


  • Indian National Health Authority sought comments on the Consultation Paper on Data Sharing Guidelines.
  • Philippines’ National Privacy Commission requests comments on its circular on registration of personal data processing systems.
  • Singapore’s Personal Data Protection Commission published a guide on personal data protection considerations for blockchain design.
  • Japan’s DPA issued recommendations to a bankrupt company for violating the Act on the Protection of Personal Information.


  • Saudi National Cybersecurity Authority and U.S. Cybersecurity and Infrastructure Security Agency signed an MoU to promote cybersecurity cooperation.
  • Dubai International Financial Centre published guidance on controller and processor agreements and obligations.

Read our digital newsletter here.