Global News Roundup: March 14-20, 2023

In this week’s Global News Roundup, the European Parliament adopted its position on the proposed Data Act. The Amsterdam District Court ruled Facebook processed Dutch users’ data without legal basis for 10 years. And, the U.S. Federal Trade Commission finalized its USD520 million settlement with Epic Games over alleged Children’s Online Privacy Protection Act violations.

The Latest

Trinidad and Tobago’s Ministry of Digital Transformation Executive Legal Advisor Rudyard Davidson said work is ongoing to fully operationalize the country’s Data Protection Act and Electronic Transaction Act.

China’s Ministry of Industry and Information Technology announced investigations into alleged data protection violations concerning versions of mobile apps with broken protection or “cracked apps.”

The constituent court of the Court of Justice of the European Union expects legal challenges to the EU Digital Markets Act by the end of 2023, Reuters reports.

The European Parliament approved the eIDAS Regulation, legislation creating a continent-wide digital identity framework.

In an op-ed for The New York Times, former U.S. National Security Council Senior Director Peter Harrell and Special Assistant to the President Tim Wu discussed the need for federal comprehensive privacy legislation.

In a blog post for The Information Accountability Foundation, Groman Consulting Group Principal and former U.S. Federal Trade Commission Chief Privacy Officer Marc Groman outlined his recent analysis and recommendations for a “clearer” version of the proposed American Data Privacy and Protection Act.


The Hong Kong Office of the Privacy Commissioner for Personal Data announced two detainments for alleged doxxing. 

Singapore’s Personal Data Protection Commission announced a SGD62,400 fine against Eatigo International in relation to a 2020 data breach affecting 2.76 million individuals. 

The Amsterdam District Court ruled Facebook Ireland processed Dutch users’ personal data for advertising purposes without a legal basis and provided users’ data to third parties without proper notification from 2010-2020.

In response to a complaint by privacy advocacy group NOYB, Austria’s Data Protection Authority found Facebook’s tracking pixel in violation of the EU General Data Protection Regulation, however no penalty was issued by the DPA.

Advocate General of the Court of Justice of the European Union Priit Pikamäe ruled automated processing to determine an individual’s probability of obtaining a loan constitutes profiling under the EU General Data Protection Regulation. 

France’s data protection authority, the Commission nationale de l’informatique et des libertés, published a guide to its “priority themes,” which direct its investigations. 

Germany’s Federal Commissioner for Data Protection and Freedom of Information published its 2022 activity report. 

The U.S. Federal Trade Commission finalized its USD520 million settlement with Epic Games over alleged Children’s Online Privacy Protection Act violations. 

The U.S. FTC requested a 37% budget increase, approximately USD160 million, from U.S. Congress for the fiscal year 2024.

In a report outlining its needs, the U.S. FTC said it wants to hire 310 full-time employees, including 62 dedicated to consumer protection, with an eye toward helping the agency “investigate and litigate more and increasingly complex matters.”

The U.S. FTC’s new Office of Technology published analysis and subsequent guidance on third-party tracking pixels.

The Colorado attorney general’s office announced finalization of the Colorado Privacy Act regulations.


European Parliament voted 500-23 with 110 abstentions to adopt its position on the proposed Data Act. 


In a joint statement, U.S. Reps. Pramila Jayapal, D-Wash., and Warren Davidson, R-Ohio, urged reform of the Foreign Intelligence Surveillance Act’s Section 702. 


The Czech Republic’s data protection authority, the Úřad pro ochranu osobních údajů, published guidance on cookie disclosures for web operators. 

The U.K. Information Commissioner’s Office updated its guidance on data protection in artificial intelligence.

The U.K. ICO is launching a hotline for guidance on emerging technologies.

The U.K. ICO also released fresh guidance for product designers on embedding data protection into new products by default.


Amendments to Japan’s Telecommunications Business Act, including the External Data Transmission Rule, take force June 16. Mori Hamada & Matsumoto Senior Associate Kaei Ro and Partner Hiroyuki Tanaka provide an overview of the new rule.

The European Data Protection Board announced its 2023 coordinated enforcement action will focus on the designation and position of data protection officers. IAPP Staff Writer Jennifer Bryant has initial details on the CEF and what to expect as the process unfolds.

France’s data protection authority, the Commission nationale de l’informatique et des libertés, has been among the most active EU privacy regulators in recent years and that trend won’t stop in 2023. IAPP Managing Director, Europe, Isabelle Roccia offers highlights from the CNIL’s strategy reveal at the IAPP Data Protection Intensive: France.

Interoperability among existing U.S. comprehensive state privacy legislation is growing, but key differences remain between each of the five laws. IAPP Westin Research Fellow Anokhy Desai, CIPP/US, CIPT, analyzed laws in California, Colorado, Connecticut, Utah and Virginia, comparing and contrasting relevant terms, applicability, exemptions, consumer rights, business obligations and enforcement duties. 

Iowa is on the verge of becoming the sixth U.S. state to pass comprehensive privacy legislation. IAPP Staff Writer Joe Duball reports on its recent passage and key aspects of the bill.

Author: HO2rmeENXt