Issue 153


  • European Data Protection Board adopted the “Recommendations 1/2022 on the Application for Approval and on the Elements and Principles to be found in Controller Binding Corporate Rules”.
  • UK’s Information Commissioner’s Office updated its guidance on international data transfers to include transfer risk assessment. 
  • Data protection authority (DPA) of France imposed a fine of EUR 800,000 against Discord Inc., for GDPR violation.
  • Portuguese DPA imposed a fine of EUR 170,000 on the Municipality of Setubal for GDPR violation. 


  • U.S. Senator urged the Federal Trade Commission (FTC) to release its privacy report on social media and streaming services.
  • Planned Parenthood urged FTC to write regulations to protect sensitive data of consumers from the consequences of commercial surveillance.
  • Northern California’s District Court approved a USD 90 million class action settlement against Meta Platforms, Inc. in the internet tracking case.
  • Privacy for America published a review on the research on use of data for advertising. 


  • Indian Ministry of Electronics and Information Technology issued a new Digital Personal Data Protection Bill, 2022 for public consultation. Comments may be submitted by 17 December 2022.
  • Japan’s Ministry of Economy, Trade, and Industry issued guidelines for cyber and physical security in factory systems.
  • Australian DPA published a report on notifiable data breaches.
  • South Korean DPA imposed a fine of KRW 9 million on BiznBook Co., Ltd. for violating provisions of the Personal Information Protection Act 2011.