Issue 164


  • European Commission issued non-binding guidelines for online platforms and search engines on the provisions of the Digital Services Act.
  • Portuguese data watchdog issued guidelines on security measures to be adopted by organizations.
  • Italian data protection authority temporarily restricted US-based developer Luka, Inc. from processing personal data related to users in the Italian territory.
  • Former employee of breakdown services company RAC fined GBP 5,000 for stealing data of accident victims.


  • U.S. Department of Health and Human Services’ Office for Civil Rights announced a settlement with Banner Health Affiliated Covered Entities to resolve a data breach incident that disclosed the protected health information of 2.81 million consumers.
  • The Federal Trade Commission issued a proposed order to fine GoodRx Holdings Inc. for USD 1.5 million for unauthorised disclosure of consumers’ health information.
  • Google Fi informed its subscribers of a data breach. Reports The Times of India


  • India’s IT Minister states that around 50 government websites were hacked, and 8 data breaches occurred in 2022-2023. Reports The Times of India
  • Singapore’s Online Safety (Miscellaneous Amendments) Act entered into effect on 1 February 2023.
  • Kita Kanto Mazda Co., Ltd. notified customers of a data leak that exposed the personal information of about 50,000 people.