Issue 299

APAC

  • Indian government launched an updated version of the Aadhaar mobile application with focus on privacy and data security.
  • Constitutional Court of Indonesia upheld the validity of the Personal Data Protection law against constitutional challenge.
  • Shanghai’s Cyberspace Administration published information on data protection and cross-border transfer enforcement cases.

EMEA

  • European Data Protection Board and the Supervisor issued a joint opinion on the Digital Omnibus proposal on AI.
  • UK’s Information Commissioner Office released updated guidance on international transfers of personal information.
  • Spanish Data Protection Agency updated their FAQs to address common compliance questions.
  • France’s data watchdog fined a company EUR 3.5 million for unlawfully transmitting data to a social network for targeted advertising.
  • Italy’s Competition and Market Authority launched investigations into video game company for misleading practices.
  • Swedish Cybersecurity Act implementing the NIS2 Directive formally entered into force.
  • Hamburg’s Commission for Data Protection published a questionnaire on balancing interests under the GDPR.
  • The Dutch Data Protection Authority issued position paper on Omnibus Digital and Omnibus AI proposals.
  • Supreme Administrative Court of Finland gave its decision on processing of health data by insurance company.
  • Norway’s National Security Authority submitted proposal for regulations on cybersecurity certification.
  • Turkish Personal Data Protection Authority set the publication limit for data breach notices to 60 days.

Americas

  • New Jersey’s Privacy Protection Act on collection and sharing of certain personal information approved by both Houses.
  • US senators urged social media platforms to regulate inappropriate AI images on their platforms.
  • A New York bill on collecting and sharing personal health information referred to Assembly Committee.
  • Bills requiring consent for processing children’s data and biometric data introduced in Virginia’s Senate.
  • US district court approved a USD 30 million settlement in children’s privacy class action against technology company.
  • The Federal Communications Commission extended the effective date of the Telephone Consumer Protection Act rule on consent revocation.
  • California’s Privacy Protection Agency fined a data reseller USD 45,000 for failing to register as a data broker.
  • Child Data Privacy Protection Act aimed at preventing exploitation of children’s personal data introduced in New York’s Senate.
  • A New Jersey Senate bill was introduced to prohibit private entities from disclosing certain categories of personal information.