Issue 152


  • The Court of Justice of the EU released a judgement in court case, ordering controllers to inform internet search engine providers of a request for erasure by the data subjects.
  • European Parliament adopted the proposal for a directive on measures for a high common level of cybersecurity across the EU.
  • Slovak Republic’s Office for the Protection of Personal Data published opinion on consent collection.
  • UK’s Information Commissioner’s Office launched consultation on how it prioritises the complaints about public bodies handling of freedom of information requests. Responses can be made till 19 December 2022.


  • Oregon’s Attorney General along with 39 other state attorneys general announced a USD 391.5 million settlement with Google, for unauthorised location tracking.
  • Michigan Medicine notified patients about phishing scam on employee emails, exposing health information of about 33,850 patients.
  • US District Court for the Northern District of Illinois released judgement, awarding USD 228 million to class members for violations under the Illinois Biometric Privacy Act.
  • Oregon’s Senator issued press release urging protection of Americans’ passport data.


  • MeitY likely to introduce new data protection law with penalty of upto INR 200 crore, remove data localisation and non personal data. Reports Indian Express
  • Korea Communications Commission established safety system that can prevent mobile phone data leakage in the secondary market.
  • New South Wales’s Information and Privacy Commission published its annual report.
  • Cyberspace Administration of China issued notice on ‘Effectively Strengthening the Governance of Online Violence’.