Issue 195


  • The Italian data protection authority published the latest update to its guidance on the processing of personal data in educational institutions. 
  • UK’s Information Commissioner’s Office (ICO) published a guidance to help employers fully comply with data protection law if they wish to monitor their workers.
  • ICO issued a monetary penalty of GBP 65,000, as well as an enforcement notice, to RHAP Limited, for violations of the Privacy and Electronic Communications (EC Directive) Regulations 2003.
  • The Norwegian Privacy Board issued its decision in which it upheld the Norwegian data protection authority’s decision to impose a fine of NOK 65 million on Grindr LLC for violating provisions of the General Data Protection Regulation.


  • USA’s Electronic Privacy Information Center filed a complaint to the Federal Trade Commission against Grindr LLC for unlawful retention and potential disclosure of users’ sensitive information.
  • Wisconsin’s Assembly Bill 466 on consumer data protection and providing a penalty was introduced to the Wisconsin Assembly and thereafter, referred to the Committee on Consumer Protection. 
  • The Office of the Privacy Commissioner of Canada announced that it welcomed the Federal Court of Appeal’s decision in the case Google LLC v the Privacy Commissioner of Canada et al., which confirmed that Google Search is subject to the Personal Information Protection and Electronic Documents Act 2000.
  • Quebec Commission on Access to Information updated its guidance page for private organizations, to provide specific information on privacy related topics.


  • Cyber Security Agency of Singapore published an advisory on securing routers for organizations.
  • Thailand’s Personal Data Protection Committee published the notification on data protection officer appointment in the Government Gazette.
  • Telecom Regulatory Authority of India published its recommendations titled ‘Leveraging Artificial Intelligence and Big Data in Telecommunication Sector.’
  • Hong Kong’s  Privacy Commissioner for Personal Data issued recommendations to organizations to strengthen data security measures.