Issue 196


  •  Italian data protection authority imposed a fine of EUR 20,000 on Shardana Working Soc. Coop. a r.l. for violations of the General Data Protection Regulation.
  • Data Protection (Adequacy) (United States of America) Regulations 2023 for the UK Extension to the EU-US Data Privacy Framework (UK-US Data Bridge) entered into effect.
  • UK’s Information Commissioner’s Office issued a preliminary enforcement notice against Snap Inc. and Snap Group Limited for a potential failure to assess the privacy risks posed by Snap’s generative artificial intelligence chatbot.
  • Spanish data protection authority updated its breach advisory and notification tool to help data controllers decide whether they should notify a personal data breach to the supervisory authority and determine whether to notify data subjects affected by a breach.


  • Colorado Attorney General published its Universal Opt-Out Mechanism List Application form under Colorado Privacy Act Rules.
  • Canada’s  Office of the Privacy Commissioner announced that it is seeking comments to update the guidance related to handling biometric information for the private and the public sector.
  • National Institute for Standards and Frameworks published a Cybersecurity Framework Profile for Liquified Natural Gas.
  • Governor of California signed Senate Bill 362 for an act relating to data brokers (DELETE Act) into law.
  • Cybersecurity and Infrastructure Security Agency and the National Security Agency published a joint cybersecurity advisory illustrating the top 10 most common cybersecurity misconfigurations found in large organizations’ networks. 


  • National Information Security Standardization Technical Committee (TC260) released its draft Technical Document on Basic Requirements for Security of Generative Artificial Intelligence Services.
  • South Korea’s  Personal Information Protection Commission (PIPC) announced that its regulations on the overseas transfer of personal information will enter into effect on October 16, 2023.
  • PIPC announced that its ‘Preliminary Adequacy Review System’ will be piloted to ensure the safe use of personal information in new services and technologies, such as artificial intelligence.
  • New Zealand’s Office of the Privacy Commissioner issued a press release on privacy issues concerning CCTV and educational institutions, with particular reference to school bathrooms.