EU AND UK
- European Data Protection Board adopted the “Recommendations 1/2022 on the Application for Approval and on the Elements and Principles to be found in Controller Binding Corporate Rules”.
- UK’s Information Commissioner’s Office updated its guidance on international data transfers to include transfer risk assessment.
- Data protection authority (DPA) of France imposed a fine of EUR 800,000 against Discord Inc., for GDPR violation.
- Portuguese DPA imposed a fine of EUR 170,000 on the Municipality of Setubal for GDPR violation.
AMERICAS
- U.S. Senator urged the Federal Trade Commission (FTC) to release its privacy report on social media and streaming services.
- Planned Parenthood urged FTC to write regulations to protect sensitive data of consumers from the consequences of commercial surveillance.
- Northern California’s District Court approved a USD 90 million class action settlement against Meta Platforms, Inc. in the internet tracking case.
- Privacy for America published a review on the research on use of data for advertising.
INDIA AND ASIA PACIFIC
- Indian Ministry of Electronics and Information Technology issued a new Digital Personal Data Protection Bill, 2022 for public consultation. Comments may be submitted by 17 December 2022.
- Japan’s Ministry of Economy, Trade, and Industry issued guidelines for cyber and physical security in factory systems.
- Australian DPA published a report on notifiable data breaches.
- South Korean DPA imposed a fine of KRW 9 million on BiznBook Co., Ltd. for violating provisions of the Personal Information Protection Act 2011.