Issue 172


  • Court of Justice of the European Union published a press release establishing that live streaming by video conference of classes in state school education falls within the scope of the GDPR.
  • Danish data protection authority published an updated guidance on data protection in the context of employment relationships.
  • Italian data watchdog issued a temporary limitation on Chat GPT for processing personal data of Italian users.
  • The French data protection authority issued an updated Guide on the Security of Personal Data under the GDPR.
  • The European Data Protection Board published Guidelines on personal data breach notification under GDPR.
  • UK’s data watchdog imposed a fine of GBP 12.7 million on TikTok Information Technologies UK Limited and TikTok Inc. for violations of the UK GDPR.


  • The California Privacy Protection Agency published the revised California Consumer Privacy Act of 2018, as amended CCPA Regulations.
  • The Office of the Privacy Commissioner of Canada launched an investigation into OpenAI, L.L.C in responses to a complaint alleging the processing of personal information without consent.
  • Senate Bill S.129 for an Act relating to Employee Privacy Protections was introduced to the State Senate of Vermont.


  • Amendments to Kingdom of Saudi Arabia’s Personal Data Protection Law were approved and published. The law will enter into force on 14th September 2023.
  • Australia’s Office of the Privacy Commissioner announced that Latitude Financial Services Australia Holdings Pty Ltd suffered a cyber-attack that lead to a data breach affecting more than 14 million consumer records from Australia and New Zealand.
  • South Korea data watchdog imposed a fine of KRW 706.66 million on McDonald’s Korea Limited, for violations under the Personal Information Protection Act 2011 (as amended in 2020).