Issue 198


  • Belgian data protection authority released a checklist to help organizations align their cookie practices with current regulations.
  • The Court of Justice of the European Union held in a judgement that a medical patient has the right to obtain a copy of medical records free of charge regardless of the reasons for such request.
  • The European Data Protection Supervisor published its final recommendations for the Proposal for a Regulation of the European Parliament on Artificial Intelligence Act.
  • the Italian data protection authority imposed a fine of EUR 75,000 and a corrective order on Università e-Campus, for violations of the General Data Protection Regulation and the Personal Data Protection Code.


  • New York State Attorney General along with 32 other Attorney Generals filed a federal lawsuit against Meta Platforms, Inc. for collecting personal data of children under the age of thirteen without obtaining parental consent.
  • U.S. Department of Health and Human Services’ Office for Civil Rights published a guidance entitled ‘How Sanction Policies Can Support HIPAA Compliance.’ 
  • Canada’s Minister of Innovation, Science, and Industry released draft motions to amend Bill C-27 for the Digital Charter Implementation Act 2022.
  • Canada’s Office of the Privacy Commissioner published new research on impact of artificial intelligence on privacy.


  • The Ministry of Industry and Information Technology of the People’s Republic of China published a notice of its sixth batch of notifications to apps on violations of users’ rights in 2023.
  • Australian Communications and Media Authority announced that Uber Australia Pty Ltd paid an infringement notice of AUD 412,500 for violations of the Spam Act 2003.
  • NTT Marketing Act ProCX – a call center operator based in Osaka, Japan, announced that a former temporary employee, while working with NTT Business Solutions, illegally accessed and leaked customer data to a third party. 
  • The Monetary Authority of Singapore and Infocomm Media Development Authority requested public comments on a Shared Responsibility Framework for phishing scams.