Issue 160


  • National Assembly of the Republic of Slovenia adopted the Personal Data Protection Act by publishing it in the Official Gazette.
  • Ireland’s data watchdog imposed a fine of EUR 390 million on Meta Platforms Ireland Limited as its Facebook and Instagram services violated provisions of the GDPR.
  • The Spanish data protection authority imposed a fine of EUR 70,000, on Vodafone España, S.A.U. for violating provisions regarding lawful processing under GDPR.


  • The New Jersey Senate published amendments to Senate Bill on personal information and transparency obligations.
  • A bill concerning social media privacy and data management for children and establishing the New Jersey Children’s Data Protection Commission was submitted to the New Jersey General Assembly.
  • The Federal Communications Commission released a notice of proposed rulemaking aiming to update data breach of customer proprietary network information reporting requirements.
  • Senate Bill 15, on consumer data privacy was introduced in the General Assembly of Kentucky.
  • Senate Bill 0073 for the Tennessee Information Protection Act was introduced in the General Assembly of Tennesse.


  • MeitY published draft amendments to the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 in relation to online gaming, and launched a public consultation on the same. Comments can be submitted by 17 January 2023.
  • Hong Kong’s data watchdog issued a compliance order to the Registration and Electoral Office, for violating the Personal Data (Privacy) Ordinance (Cap. 486) as amended in 2021.
  • The Information Technology Industry Council submitted its comments on the Digital Personal Data Protection Bill, 2022 to MeitY.
  • Philippines National Privacy Commission amended certain provisions of a previously published circular on the guidelines on the processing of personal data for loan-related transactions.

Read our digital newsletter here.