The Irish Data Protection Authority has published its regulatory strategy for 2022-2027. The press release notes: “The DPC recognises that it cannot achieve its ambitions alone – new partnerships and new ways of engaging will be necessary as we look towards a future of closer convergence.” Read here →
The Finnish Data Protection Authority has issued guidance on preparing impact assessments. Access the guidance here →
The Office of the Privacy Commissioner for Personal Data for Hong Kong has published a short article, as well as a booklet on data transfers according to the latest piece of Mainland Chinese Data Protection legislation (the PIPL). Access the article and booklet →
2) Notable Case Law
The Spanish Data Protection Authority has issued a decision against a sports club for its lack of information and transparency. Members were not given the opportunity to consent to the processing and publication of pictures of them. Read here (in Spanish) →
The Austrian Data Protection Authority has issued a fine against an individual for sharing and disclosing health data from another person without their consent. Read about the case here (in German) →
3) New and Upcoming Legislation
European Union – The Commission has concluded an adequacy decision with South Korea. In other words, transfers of data between EU countries and South Korea can take place in the same way they do between the EU countries themselves.
Turkey – The Data Protection Authority has proposed amendments to the data protection legislation. The proposal is being consulted before being presented to the Parliament.
In the EU, the Digital Markets Act was approved by Parliament and is now to be negotiated with the Council. The Act notably aims to regulate big online platforms and sets boundaries to micro-targeted and target ads.
The Norwegian Data Protection Authority (the Datatilsynet) has issued a fine to a dating-app company after finding that the company shared personal data with advertising partners without valid consent.