Issue 158


  • CNIL issued a fine of EUR 60 million on Microsoft Ireland Operations Limited for using advertising cookies.
  • Romania’s National Supervisory Authority for Personal Data Processing imposed a fine of EUR 10,000 on SudRezidential Real Estate S.R.L. for GDPR violations.
  • Dutch Data Protection Authority issued a statement on amendments to the Act on the Allocation of Workers by Intermediaries citing shortfalls in the processing of personal data.


  • U.S. District Court for the Northern District of California announced a USD 725 million settlement on Facebook’s class action suits.
  • Colorado’s Attorney General (AG) published an updated version of the draft rules implementing the Colorado Privacy Act, for public comments.
  • U.S. Congressmen sent a letter to the FBI regarding their facial recognition policies and practices.


  • U.S. Computer & Communications Industry Association issued comments on India’s Draft Digital Personal Data Protection Bill, 2022.
  • Australia’s AG announced an overhaul of the Privacy Act in 2023, upon receiving the final report on the review of the Privacy Act 1988 (as amended).
  • Singapore’s Personal Data Protection Commission imposed a fine of SGD 72,000 on RedMart Ltd, an online supermarket, for failure to implement appropriate security measures.