The Norwegian Data Protection Authority has issued a statement detailing why they would not be using Facebook. The Authority examined the privacy risks of managing a Facebook Page. Read the statement here →
The Brazilian National Data Protection Authority has partnered with the Brazilian National Consumer Defence Council to issue a new data protection guide. Access the guide here →(Available in Portuguese)
The Slovenian DPA published guidelines on collecting employee data regarding their Covid-19 status as sick, vaccinated, or tested. Read the guidance here →
2) Notable Case Law
The Data Protection Authority for Cyprus issued a decision against an organisation as it was in breach of the right of access. The organisation allegedly did not give a patient full access to their medical data. Read the decision here →
The Spanish Data Protection Authority issued a fine against a company for sending direct marketing emails without obtaining the complainant’s prior consent. Access the decision →
The Singaporean Data Protection Authority issued several fines against companies that had insufficiently protected their consumers’ or employee’s personal data. Read more about the decisions here →
3) New and Upcoming Legislation
European Union – The European Data Protection Board (EDPB) has adopted an Opinion on the Draft South Korea Adequacy Decision. The representatives of EU countries now need to approve it before it is adopted by the European Commission. Read the EDPB Opinion here →
Saudi Arabia – A new data protection law was passed, it will come into force in March 2022. Read the press release here → (in Arabic)
The UK’s Information Commissioner’s Office (ICO) has announced three fines against companies for sending unsolicited marketing communications without the data subject’s consent. The companies had claimed to have obtained indirect consent.
The Irish Data Protection Authority has released a Guide on appropriate qualifications for a Data Protection Officer (GDPR).