Issue 154


  • UK announced the finalisation of its legislation for its first independent adequacy decision, providing adequacy for international data transfers between UK and South Korea.
  • Germany’s Baden-Württemberg data protection authority approved the national code of conduct, titled ‘Requirements for processors under Article 28 of the GDPR – Trusted Data Processor’.
  • Austria’s Federal Administrative Court upheld Austrian Data Protection Authority’s decision in case regarding the complainants right to be forgotten which was refused by Google.
  • The Council of the European Union announced the adoption of regulation on digital operation resilience for the financial sector.


  • Attorneys General from 33 US states submitted a letter to the Federal Trade Commission suggesting data minimization for commercial surveillance and how different types of data should be handled.
  • A group of 10 attorneys general urged Apple to enact stronger privacy controls for third party apps that collect reproductive health information.
  • The Federal Trade Commission published the National Do Not Call Registry Data Book for Fiscal Year 2022.


  • India’s IT Minister announced that The Digital Personal Data Protection Bill is targeted to be passed by August 2023. Reports TheIndianExpress
  • All India Institute of Medical Services was forced to operate manually after suffering a ransomware attack that disrupted its services. Reports TechCrunch
  • Japan’s Wacom Co. Ltd. issued a notice in which it addressed a data breach potentially affecting the personal information of up to 147,545 customers.
  • The Cyberspace Administration of China announced a new certification on the implementation of personal information protection along with implementation rules.
  • The Australian Parliament approved the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022.