Issue 169


  • Slovenia’s data protection authority published an information page on joint controllership to clarify the elements that are to be included in a joint controller agreement.
  • UK’s Information Commissioners’ Office published a blog post addressing AI-driven discrimination including why data protection legislations are important to mitigate unfair discrimination.
  • Portuguese data protection authority announced the entry into operation, of the new Schengen Information System that is used in the field of border controls and in the field of police cooperation and judicial cooperation in criminal matters by the Schengen States.


  • Illinoi’s Bill on Right to Know was re-referred to the Rules Committee for failing to meet the applicable deadline established for reporting to the House by a standing committee.
  • Assembly Bill 947 on ‘California Consumer Privacy Act of 2018: California Privacy Protection Agency’ was amended and referred to the Committee on Privacy and Consumer Protection.
  • The Office of the Privacy Commissioner of Canada published an updated advice on the risks of faxing personal information.


  • India’s Ministry of Electronics and Information Technology presented a proposal for a Digital India Act, 2023.
  • Japan’s Ministry of Economy, Trade, and Industry released Guidance on the Sharing and Disclosure of Information on Damage from Cyberattacks.
  • Singapore’s Personal Data Protection Commission imposed a fine of SGD 62,400 in Eatigo International Pte. Ltd. for inadequate security measures.