Data Protection News Update 21 August 2023

United Kingdom

Changes to NCSC Cyber Incident Response Scheme

  • UK’s National Cyber Security Centre has announced a change to its Cyber Incident Response Scheme by adding an additional level. This means that more organisations will be able to receive incident response services, including organisations from the private sector.
  • The Cyber Incident Response Scheme supports organisation when they have become victims of cyber-attacks by ensuring that those organisations engage providers that they can trust (those providers are called Assured Service Providers). Those providers help to recover organisations from cyber incidents and deliver a full investigation of the incident and provide recommendations as to how to prevent it from happening again in the future.

United States

Woman is awarded USD1.2 billion in damages in ‘revenge porn’ lawsuit

  • A woman from Texas was awarded USD1.2 billion in damages in a ‘revenge porn’ lawsuit against an ex-boyfriend who shared images with explicit content of her with family, friends and co-workers without her consent with the intent of damaging her reputation.
  • Furthermore, the shared content included other identifiable personal data such as her name and address.

FTC charges credit company for not offering option to opt-out marketing emails

  • The Federal Trade Commission is looking to charge Experian, a credit company, USD650,000 for spamming individuals who have set up an account with them with marketing emails without offering them a way to opt-out.
  • Offering a way to opt-out of unsolicited marketing emails is a requirement under the CAN-SPAM Act.
  • The complaint was filed by US Department of Justice.


Czech Republic’s DPA is assessing police’s use of facial recognition technology

  • Czech Republic’s DPA is currently assessing the use of facial recognition technology by local police and has requested information from them including information of the specific tech which was used on a trial basis for nearly a year.

IAPP publishes an analysis of the revised Swiss Federal Act on Data Protection

  • IAPP has published an article about the new Swiss Federal Act on Data Protection (FADP) which comes into force on the 1st of September 2023.
  • The Act was passed in parliament in 2020 and aims at revising the original federal law on data protection which came into force in 1992.
  • With this revision, the ‘Swiss data protection regime will be brought into greater alignment with the GDPR’, but there are still notable differences. A helpful overview is provided in the IAPP’s article.
  • The FADP might be of note because with this revision, an expanded territorial scope is introduced. The FADP will apply to circumstances that have an effect in Switzerland, even if the actual activity was initiated outside of Switzerland. ‘In practice, like the GDPR, organisations targeting goods and services to Swiss individuals or monitoring their behavior will now have to comply with’ the revised Act.


Singapore’s Personal Data Protection Commission issues formal warning

  • Singapore’s Personal Data Protection Commission has issued a formal waring to a registered salesperson for not obtaining ‘clear and unambiguous consent’ from individuals and not checking the ‘Do Not Call Registry’ before making their sales calls.
  • A ‘Do Not Call Register’ allows people in certain countries to indicate that they do not wish to be contacted by telemarketers ( Singapore has such a registry. So does the UK, it is called ‘Telephone Preference Service (TPS)’, which allows UK residents to opt out of unsolicited marketing calls (

Australia’s government publishes ‘Tech Trends Position Statement’

  • Australia’s eSafety Commissioner published their ‘Tech Trends Position Statement – Generative AI’ guidance document. The paper gives an overview on the existing landscape, discusses the risks, harms and opportunities surrounding generative AI, highlights emerging good practice and safety by design measures and concludes with advice for users.

India’s Data Protection Law published in official gazette


More Posts

Send Us A Message