Issue 170


  • Norwegian data protection authority issued a fine of NOK 2.5 million on Argon Medical Devices, Inc. for violating provisions of GDPR.
  • Danish data protection authority released new guidance on the General Data Protection Regulation for small businesses to simplify compliance.
  • EU’s Advocate General issued their opinion in the case of OQ v Land Hessen on lawfulness of processing and on automated decision-making under GDPR.


  • New data privacy law set to be introduced in Iowa.
  • The Consumer Financial Protection Bureau along with FTC launched a request for information regarding data brokers and other business practices involving the collection and sale of consumer information.
  • The Federal Communications Commission adopted new regulations specifically targeting scam text messages sent to consumers.


  • India to notify ‘negative list’ for data transfer in the draft of the Digital Personal Data Protection Bill, 2022. Reports Economic times
  • The National Information Security Standardisation Technical Committee requested public comments on the draft National Standard ‘Certification Requirements for Cross-Border Transmission of Information Security Technology and Personal Information’.
  • Thailand’s Royal Decree on Measures for Protection and Suppression of Technology Crimes B.E. 2566 (2023) was published in the Government Gazette and entered into force.

Read our digital newsletter here.