Issue 147


  • French data protection authority published a checklist for data controllers creating health data warehouses.
  • European Commission proposed for an AI Liability Directive containing rules regarding damages caused by AI systems, including breach of privacy.
  • Government of Andorra approved and published regulations for the application of the personal data protection law and establishment of the Andorran Data Protection Agency.
  • UK’s Information Commissioner’s Office launched a public consultation on the impact of the Children’s code. Responses may be submitted by 11 November 2022.


  • The Facial Recognition Act of 2022 has been introduced in the U.S. House of Representatives which places strong limits and prohibitions on law enforcement’s use of facial recognition technology.
  • Senate Bill for a Personal Data Privacy Act has been introduced in the Michigan Senate.
  • California Governor signed the bill on privacy in the provision of mental health digital services.
  • Electronic Privacy Information Centre filed an amicus brief in the case of New Jersey v. Arteaga to support the right to know how the facial recognition system identifies defendants.


  • India’s Ministry of Communications initiated a public consultation on the draft Telecommunication Bill, 2022. Comments may be provided till 20 October 2022.
  • Japan’s Personal Information Protection Commission issued guidance to BIPROGY Co., Ltd. for violations of the APPI relating to the security of processing.
  • Australia’s Cyber Security Centre issued steps for affected customers to mitigate risks after Optus cyber-attack.

Read our digital newsletter here.