Global News Roundup: March 7-13, 2023

In this week’s Global News Roundup, the Privacy Commissioner of New Zealand responded to a public survey calling for increased privacy protections. EU companies found to have mishandled health data following a cyberattack are subject to fines following a recent ruling by the Ireland’s Data Protection Commission. U.S. lawmakers introduced a bill to ban the government’s use of facial recognition technology. And the U.K. Information Commissioner’s Office introduced a new U.K. General Data Protection Regulation certification scheme.

The Latest

In an interview with Radio Waatea, New Zealand Privacy Commissioner Michael Webster discussed the costs of privacy breaches, data minimization, biometrics regulation and more.

The U.S. Securities and Exchange Commission fined data management platform Blackbaud USD3 million for improper disclosures to individuals affected by a 2020 ransomware attack.

In a 5-0 vote, New Hampshire’s State Senate Judiciary Committee recommended Senate Bill 255, relative to the expectation of privacy, should pass with amendments.

The Oklahoma House advanced House Bill 1030, the Oklahoma Computer Data Privacy Act.


The High Court of Australia ruled against Facebook’s appeal for special leave in a 2020 case the Office of Australian Information Commissioner brought against the company.

Privacy Commissioner of New Zealand Michael Webster issued a statement responding to a recent survey showing public desires for increased privacy and data protection.

The Office of the Privacy Commissioner of Canada published its 2023-2024 departmental plan. 

The European Commission announced Meta’s WhatsApp agreed to improve user transparency for its EU terms of service and privacy notice.

EU-based companies that mishandle personal data following a cyberattack are subject to penalties following a ruling by Ireland’s Data Protection Commission.

Finnish consumer credit company Suomen Asiakastieto was fined 440,000 euros by Finland’s Office of the Data Protection Ombudsman.

Ireland’s Data Protection Commission released its 2022 annual report.

The U.S. Federal Trade Commission wants an interview with Twitter CEO Elon Musk in its investigation into privacy and data security allegations against the platform


New Zealand’s Privacy Commissioner Michael Webster spoke out against the proposed expansion of the Search and Surveillance Act.

India’s government plans to amend draft provisions on data transfers in the proposed Digital Personal Data Protection Bill.


European Data Protection Supervisor Wojciech Wiewiórowski criticized EU policymakers for shortcomings in proposed legislation to combat child sexual abuse materials.

European Parliament’s ePrivacy Regulation rapporteur Birgit Sippel called on the Swedish Presidency of the Council of the European Union to give attention to the long-stalled proposal. 

The Swedish Presidency of the Council of the European Union is making progress toward its final text for the proposed Data Act.

WhatsApp Head Will Cathcart said its parent company, Meta, would not adhere to the proposed U.K. Online Safety Bill and break its end-to-end encryption.


A group of U.S. lawmakers reintroduced the Facial Recognition and Biometric Technology Moratorium Act in both houses of Congress. 

U.S. Sens. Mark Warner, D-Va., and John Thune, R-S.D., joined a group of bipartisan senators to introduce the Restricting the Emergence of Security Threats that Risk Information and Communications Technology Act.

The Iowa Senate voted 47-0 to advance Senate File 262, an act relating to consumer data protection, to House consideration. 


The Office of the Privacy Commissioner of Canada announced updates to its guidelines for faxing personal data. 

The U.K. Information Commissioner’s Office approved the fourth set of U.K. General Data Protection Regulation certification scheme criteria for training and qualifying service providers.


The adoption of the Digital Markets Act and the Digital Services Act show the EU is focused on reeling in the online advertising industry. Journalist Luca Bertuzzi considers the data protection-related themes that could be looked at with increased adtech rules.

The first annual coordinated action under the European Data Protection Board’s Coordinated Enforcement Framework, on the use of cloud-based services by the public sector, concluded in January. IAPP Managing Director, Europe, Isabelle Roccia described the process behind the CEF, the role of DPAs in coordinated enforcement actions and possible outcomes.

The U.K. released draft data protection reform of its General Data Protection Regulation. IAPP Editorial Director Jedidiah Bracy, CIPP, has the details.

The introduction of the proposed U.K. Data Protection and Digital Information Bill served as the perfect talking point to kick off the IAPP Data Protection Intensive: UK 2023 in London. IAPP Staff Writer Jennifer Bryant also reported on the first impressions of the legislation from U.K. Information Commissioner John Edwards and Liberal Democrat House of Lords spokesperson for Science, Innovation and Technology Tim Clement-Jones during IAPP Data Protection Intensive: UK 2023 in London.

During IAPP Data Protection Intensive: UK 2023, U.K. Secretary of State for the Department of Science, Innovation and Technology Michelle Donelan shared her perspective on proposed U.K. data reforms and their impacts, while Bryant also reported on highlights from a panel that explored the state of play and future of both EU data protection enforcement and international data transfers.

The second iteration of proposed reforms to the U.K. General Data Protection Regulation is available for public consumption. IAPP Research and Insights Director Joe Jones parsed through the 212-page Data Protection and Digital Information Bill and offers his initial thoughts, along with the top 10 takeaways for privacy professionals.

Across the U.S., state legislatures are again pushing for the adoption of comprehensive privacy legislation during their 2023 legislative sessions. IAPP Staff Writer Joe Duball looks at where commonality originated from and whether additional trends that could disrupt compliance are on the horizon.

Author: HO2rmeENXt