Issue 184


  • Italian data protection authority imposed a fine of EUR 40,000 on Volkswagen Leasing GmbH, for violating the General Data Protection Regulation, following a complaint by a Volkswagen customer.
  • The European Commission requested public comments on its Digital Services Act transparency database. Public comments can be submitted until 17th July 2023.
  • The Danish data protection authority authorized the football club ‘Brøndby IF’’ to use its facial recognition systems at stadiums for its matches, including those that take place in other stadiums.
  • UK’s Information Commissioner’s Office announced that it had taken action against the former director of Datasearch Services Limited and tracing agent, for obtaining personal information in violation of the Data Protection Act 2018.


  • Oregon’s Senate Bill 619 for an Act relating to protections for the personal data of consumers was signed by the Oregon Senate President and the Speaker of the House of Representatives.
  • Quebec’s Regulation respecting confidentiality incidents entered into effect, following public consultation.
  • US Senators for Oregon announced that they introduced to the Senate – Senate bill 2121, for the Data Elimination and Limiting Extensive Tracking and Exchange (DELETE) Act.


  • The Draft Digital India Bill, which may contain requirements for businesses to inform consumers on how their data is processed, is likely to be published soon. Reports Economic Times.
  • Japan’s Telecommunications Business Act was amended and entered into effect to establish specific rules for the handling of users’ information including reporting requirements, information handling policies, and rules for the transmission of such data.
  • Singapore’s Personal Data Protection Commission imposed a fine of SGD 58,400 and SGD 10,000 on Fullerton Healthcare Group Pte Limited and Agape Connecting People Pte Ltd respectively, for violating the Personal Data Protection Act, following a data breach notification.