Issue 194


  • French data protection authority imposed a fine of EUR 200,000 on SAF Logistics for violation of the General Data Protection Regulation.
  • The European Data Protection Board requested public comments on Guidelines on data transfers subject to appropriate safeguards under the Law Enforcement Directive.
  • Norwegian data protection authority released a statement regarding camera surveillance in the workplace, with a special focus on young employees. 
  • UK’s Information Commissioner’s Office (ICO) issued its opinion on the Data Protection (Adequacy) (United Stated of America) Regulations 2023 for the UK Extension to the EU-US Data Privacy Framework issued by the Department of Science, Innovation and Technology. 
  • ICO issued an enforcement notice and monetary penalty notice to House Hold Appliances 247 Limited and fined the company GBP 55,000 for violation of the Privacy and Electronic Communications (EC Directive) Regulations 2003.


  • Assembly Bill No. 352 on Health Information was enrolled and sent to the California Governor for action. 
  • Senate Bill No. 582 relating to healthcare was enrolled and presented to the California Governor for action.
  • Assembly Bill No. 1194 for An act to amend the provisions of the Civil Code relating to privacy, was enrolled and sent to the California Governor for action.
  • The Quebec Commission on Access to Information published updated guidance on conducting a Privacy Impact Assessment.


  • India’s Press Information Bureau announced that the Union Minister of State of the Ministry of Electronics and Information Technology participated in the first Digital India Dialogue discussions on the recently enacted Digital Personal Data Protection Act, 2023, in New Delhi.
  • Australia’s Attorney General’s Department published the Australian Government’s response to its Privacy Act Review Report 2022.
  • South Korea’s Personal Information Protection Commission published guidelines on the security of personal data transfers based on MyData, i.e., the right to data portability enshrined in the Personal Information Protection Act.