Data Protection News Update 02 October 2023

United Kingdom

ICO warns organisations to provide stronger data protection for victims of domestic abuse

  • This comes after 7 ICO reprimands since June 2022 over data breaches involving the personal information of domestic abuse victims.
  • The 7 data breaches concerned involved:
    • 4 cases of organisations revealing the safe addresses of the victims to their alleged abuser. In one case a family had to be immediately moved to emergency accommodation.
    • Revealing the identities of women seeking information about their partners to those partners.
    • Disclosing the home address of two adopted children to their birth father, who was in prison on three counts of abusing their mother.
    • Sending an unredacted assessment report about children at risk of harm to their mother’s ex-partners.

United States

Viral TikTok account doxes otherwise anonymous people on the internet via facial recognition technology

  • The account uses the “off-the-shelf” facial recognition technology to create content and grow a following.
  • The account is now 90,000 followers strong.
  • TikTok has decided to not remove the account from its platform.


The Data Governance Act is applicable since the 24th of September 2023

  • The DGA entered into force on the 23rd of June 2023 and represents a key pillar of the EU’s “European strategy for data”.

CNIL issues 200k euro fine over excessive employee data collection and lack of cooperation

  • CNIL, France’s data protection authority, has fined SAF LOGISTICS, the multinational air freight provider, whose parent company is located in China.
  • The fine comes after the dpa’s decision that SAF was collecting excessive amounts of data from its employees in violation of their privacy.
  • The fine also reflects a lack of cooperation on SAF’s behalf with the CNIL services.
  • At the heart of the controversy: a form SAF was using to recruit employees that involved questions relating to their private lives.

EDPB adopts guidelines on application of Article 37 of the Law Enforcement Directive

  • Find the new guidelines here:
  • The guidelines provide “clarity on the legal standard for appropriate safeguards” when transferring personal data from EU countries to third country organisations or authorities for the aim of law enforcement.
  • In particular, the guidelines “reiterate that any transfer of personal data requires an essentially equivalent level of protection in the recipient third country or international organisation and that transfers should by no means undermine the level of protection applicable in the EU”.
  • The guidelines also include a list of practical elements that should be addressed in a legally binding instrument, in addition to examples for assessing and categorising the circumstances of a transfer.


New law to give Australians the right to sue for serious breaches of privacy

  • The law will require small businesses to comply with privacy laws for the first time.
  • Children will also gain extra privacy protection, but a “broader right for adults to opt out of targeted advertising recommended by the attorney general’s department has been rejected by the Albanese government, a decision likely to disappoint consumer rights advocates”.


More Posts

Send Us A Message