Issue 157


  • The United Kingdom’s Department for Digital, Culture, Media & Sport and Dubai International Financial Centre (DIFC) issued a joint statement on deepening the UK-DIFC data partnership.
  • European Commission released a Q&A on EU-US Data Privacy Framework and the draft adequacy decision.
  • European Commission issued the modernised Standard Contractual Clauses (SCC) for transfer of personal data outside EU. Businesses must incorporate this SCC in their existing agreements before 27th December.
  • The Presidents of the European Commission, European Parliament, and the European Council signed the European Declaration on Digital Rights and Principles.


  • The Federal Trade Commission announced a settlement agreement with Epic Games, Inc. to pay a total of USD 520 million over allegations of privacy violations.
  • The Pennsylvania Attorney General announced a USD 100,000 settlement with Herff Jones, LLC for failing to protect consumers’ payment card information.
  • The U.S. Department of Health and Human Services Office for Civil Rights announced a settlement with B. Brandon Au, DDS, Inc. for disclosing the protected health information.


  • India’s Ministry of Electronics and Information Technology extended the deadline to submit feedback on the Digital Personal Data Protection Bill, 2022. Comments can be provided till 2nd January 2023.
  • The National Information Security Standardization Technical Committee of China issued its revised Practice Guidelines for Cybersecurity Standards, following public consultations.
  • The Australian Competition and Consumer Commission imposed penalties of AUD 53,280 on ING Bank (Australia) Limited for failing to comply with Consumer Data Right Rules.