Issue 182


  • Swedish data watchdog imposed a fine of SEK 58 million on Spotify AB, for violations of the General Data Protection Regulation.
  • Italian data protection authority imposed a fine of EUR 676,956 on Sorgenia SpA, for violations of the General Data Protection Regulation, following a complaint.
  • Italian data protection authority announced that it had requested information from TikTok Technology Ltd regarding statements on alleged access to TikTok users’ personal data by the Communist Party of China.
  • UK’s Information Commissioners Office issued an enforcement notice to Crown Glazing Ltd along with EUR 130,000 fine for violating the Privacy and Electronic Communications (EC Directive) Regulations 2003.


  • Senate Bill 768 on breach notification was signed by the Texas Governor and will enter into effect on September 1, 2023.
  • Senate Bill 3 for an act concerning online privacy, data, and safety protections became law after being signed by the Governor of Connecticut.
  • Assembly Bill 4983 for the New York Health Information Privacy Act, was amended and recommitted to the Science and Technology Committee, where it was subsequently renamed Assembly Bill 4983b.
  • The Office of the Privacy Commissioner of Canada published a blog on ‘Privacy in the workplace – practical tips for employers.’


  • The Dubai International Financial Centre published abbreviated Standard Contractual Clauses, as well as guidance for the use of data protection clauses and abbreviated SCCs.
  • Japan’s Personal Information Protection Commission released questions and answers on the usage of security cameras.
  • Singapore’s Infocommunications Media Development Authority (IMDA) published the Singapore Standard 697:2023 on the Deployment and Operation of Data Center IT Equipment under tropical climate.