EU
- Spanish data protection authority imposed a fine of EUR 70,000, which was reduced to EUR 56,000, on Vodafone España, S.A.U., for violation of the General Data Protection Regulation.
- None of your business announced that it had filed a complaint with the Spanish data protection authority against Ryanair DAC for violations of the General Data Protection Regulation.
- The Norwegian data protection authority published its advice on the use of website analytics and tracking.
- The Italian data protection authority imposed a fine of EUR 20,000 on Ew Business Machines S.p.A., for violation of the General Data Protection Regulation and the Personal Data Protection Code.
AMERICAS
- California Consumer Protection Agency (CPPA) announced that it will be reviewing the data privacy practices of connected vehicle (CV) manufacturers and related CV technologies.
- U.S. Chamber of Commerce released a statement regarding the finalized rules requiring disclosure of material cybersecurity incidents and periodic disclosure of a registrant’s cybersecurity risk management, strategy, and governance in annual reports.
- California Department of Public Health issued the Medical Information Regulations, which implement new breach reporting requirements of the California Health and Safety Code.
- U.S. Senate Committee on Commerce, Science and Transportation, announced the approval of amendments to Senate Bill 3663 – the Kids Online Safety Act.
ASIA PACIFIC
- China’s National Information Security Standardization Technical Committee announced the publication of cybersecurity national standard requirements for 2023.
- South Korea’s data protection authority announced the publication for public comment of draft amendments to its guidance on standards for experts in personal information impact assessment.
- South Korea’s data protection authority announced that it had imposed a fine of KRW 3.6 million on OpenAI OpCo, LLC due to violations of the Personal Information Protection Act 2011 (as amended in 2020).
