Issue 151


  • Germany’s Hessian data protection authority issued a statement warning responsible bodies to check the settings of the browsers they use for any data unintentionally transmitted to browser manufacturers.
  • Spanish data protection watchdog dismissed CaixaBank S.A.’s appeal against the EUR 25 thousand fine it imposed for violating the right to rectification under EU GDPR.
  • Parliament of Ukraine received a draft data protection law.
  • UK’s Information Commisioner’s Office issued a fine of EUR 4.4 million to Interserve Limited for failing to process personal data using appropriate technical and organisational measures.


  • The California Privacy Protection Agency released a revised version of the proposed regulations under the California Consumer Privacy Act of 2018, for public comments. The comments can be submitted until 21st November 2022.
  • The New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, regarding a cybersecurity incident that occurred in 2020.
  • The Department of Justice announced that it had filed a stipulation and agreement with Google to resolve a dispute regarding loss of data responsive to a search warrant issued in 2016.


  • Japan’s data protection authority announced that it had issued a report on the handling of personal information recorded from surgical videos.
  • Japan’s Personal Information Protection Commission issued an alert on the handling of personal information in medical institutions.
  • India’s IT Ministry announced that the IT (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules 2022 has been published in the Official Gazette.