Issue 167


  • Czech Republic’s Office for Personal Data Protection announced an amendment to the government’s legislative rules regarding data protection impact assessments.
  • Ireland’s data watchdog imposed a fine of EUR 460,000 on a healthcare service provider for violation of the GDPR.
  • French data protection authority issued a press release on the data protection considerations of the health insurance card, e-Carte Vitale.
  • European Data Protection Board adopted guidelines on data transfers and deceptive design patterns in social media interfaces.


  • A bill for the prevention of exploitation of children’s data was introduced to the New York State Assembly.
  • Minnesota’s bill for the privacy of genetic information was referred to the Judiciary Finance and Civil Law Committee.
  • The revised draft of the Colorado Privacy Act Rules was filed with the Secretary of State.
  • The Electronic Privacy Information Centre sought clarifications on privacy and security rules for carriers that collect location data for 911 call routing.


  • Australia’s government committed to a reform of Australian laws on the retention of metadata.
  • Malaysia’s Department of Personal Data Protection issued a General Code of Practice of Personal Data Protection.
  • Japan’s Ministry of Economy, Trade and Industry released draft Guidelines for Cyber-Physical Security Measures in Building Systems. Comments may be submitted until 17 March 2023.
  • Hackers stole login credentials for data centres based in Shanghai and Singapore. Reports The Hindu