Privacy Round-Up 2022
Weekly Newsletter

Data privacy has seen a boom in the past year. With countries coming up with new legislations, enforcement being stricter, and technology companies bringing in new technologies which gave rise to new data protection-related concerns. This round-up will deal with these issues.


Three months after abruptly withdrawing a previous proposal due to scrutiny and concerns from privacy advocates and tech giants, India has proposed a new comprehensive data privacy law that will mandate how companies handle the data of their citizens, including permitting cross-border transfer of information with certain nations. This comes after India abruptly retracted a previous proposal because of the scrutiny and concerns raised by privacy advocates and tech giants. The nation’s Ministry of Information Technology disseminated a proposed regulatory document that is dubbed the Digital Personal Data Protection Bill 2022.

Because it makes it possible to conduct data transactions across international borders with selected nations, the proposal is being hailed as a victory by the information technology (IT) industry.


On the other hand, the United States of America is making efforts to develop individual privacy legislation for each of its fifty states. In May 2022, members of Congress representing all political parties introduced a federal measure, despite the fact that its chances of becoming law are slim. In the meanwhile, the following pieces of law will become active in 2023:

● The California Privacy Rights Act will become operational on January 1, 2023, in the state of California.

● The Commonwealth of Virginia will have a statute in effect to safeguard the personal information of its customers beginning on January 1, 2023.

● The state of Colorado will implement a whole new privacy legislation on July 1, 2023.

● The Privacy of Personal Information Act of Connecticut, which goes into effect on July 1, 2023

● Residents of Utah will have their personal information protected under the Utah Consumer Privacy Act beginning on the 31st of December, 2023.

South-East Asia

In South-East Asia, the evolution of data privacy and cyber security policies will reach a critical juncture in the year 2022. The following is a rundown of the primary changes:

● On October 17, 2022, Indonesia passed new legislation that was designed to improve the level of protection afforded to the personal information of persons.

● The Personal Data Protection Act of Thailand became active on June 1, 2021, and various data protection guidelines were drafted in preparation for the law’s implementation.

● When the draught Personal Data Protection Decree was still undergoing promulgation in Vietnam, the government issued Decree 53, which sets instructions on the Cybersecurity Law.


The United Arab Emirates (UAE) passed its first data protection law on January 2, 2022. This law, known as the Federal Decree-Law No. 45 of 2021 respecting the Protection of Personal Data, was modeled after the General Data Protection Regulation. It is an encouraging step toward greater data protection harmonization with international standards, which is essential in today’s interconnected era, which is characterized by cross-border data flows. The law is consistent with the General Data Protection Regulation and other important international data protection principles.

On November 29, 2022, the Israeli Ministry of Justice made the Draft Privacy Protection Regulations (Provisions Regarding Information Transferred to Israel from the European Economic Area), 5782 – 2022.

The Saudi Data and AI Authority (SDAIA) submitted an updated version of the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia (KSA or the Kingdom) for consultation on November 20, 2022. (The Amended Draft). Significant, primarily business-friendly amendments are included in the Amended Draft, such as a relaxation of stringent data localization requirements and the addition of a specific type of legitimate interests as a foundation for processing.

Top GDPR Fines

This year, GDPR has seen strict enforcement of fines. The Data Protection Authorities of various EU nations levied heavy fines for non-compliance. The top 5 fines are here as follows-

● Instagram Meta Platforms Inc. – Ireland | €405,000,000

The sanction was imposed following a two-year investigation by the Irish DPC, which found that Instagram had allowed users between the ages of 13 and 17 to operate business accounts on the platform that displayed users’ phone numbers and email addresses. This led the authority to conclude that Meta had been processing the personal data of children and adolescents illegally without a legal basis under the GDPR.

● Clearview Al Inc. – Italy | €20,000,000

The inquiries and assessment by the Italian SA found several infringements by Clearview AI Inc. The personal data held by the company, including biometric and geolocation information, were processed unlawfully without an appropriate legal basis – since the legitimate interest of the US-based company does not qualify as such.

● Clearview Al Inc. – Greece | €20,000,000

The Greek Authority found that the company, which markets facial recognition services, violated the principles of lawfulness and transparency

● Clearview Al Inc. – France | €20, 000, 000

On October 17, 2022, the French Data Protection Authority (the “CNIL”) imposed a €20 million fine on Clearview AI for unlawful use of facial recognition technology. The fine was imposed after the CNIL’s prior formal notice remained unaddressed by Clearview AI.

● Meta Platforms Ireland Limited – Ireland | €17,000,000

Meta was fined 17 million Euros by the Irish authority for its handling of a dozen data breach notifications.

Emerging Technologies

The year 2022 has seen the three interrelated factors of accelerated digital transformation, particularly in relation to the widespread adoption of cloud, social media, IoT, and mobility, as well as ongoing difficulties in maintaining customer, supply chain, and employee experiences as well as maintaining cost competitiveness, value engineering, and responsiveness.

Even automotive companies have huge potential for additional revenues as well as savings from AI and big data in their IoT-connected cars ecosystem. However, as user data is collected and processed, it brings in a plethora of concerns.

The data sources in healthcare: patients, healthcare companies, research companies, payers, and other stakeholders have been churning data astronomically right from electronic health records (EHRs), imaging, genomic sequencing, smart sensors, mobiles, and wearables, medical research, payer and patient information and portals, government records and many more. this gives rise to many concerns.


It’s been another busy year in data privacy. A boom will even be seen in the year 2023, with continually changing technologies developing, giving rise to a fresh set of data protection concerns.

If you’re a company processing data, check out our services at

If you want to know more, reach out to us at

Major Privacy Updates of the Week


FTC set to clamp down on Twitter privacy probe

U.S. Federal Trade Commission is intensifying its probe of Twitter’s alleged privacy and data security issues since Elon Musk took over the company.

The agency brought in former Twitter Chief Privacy Officer Damien Kieran and Chief Information Security Officer Lea Kissner for questions as to whether Twitter’s practices and plans under Musk are consistent with the 2011 consent order the company agreed to over past privacy violations. 

Read more

Australia flag

Review of Australia's Privacy Act complete, under the attorney general's consideration.

Australia Attorney General Mark Dreyfus received the results of a government review of the Privacy Act, launched in December 2019, and is expected to release a response in the first half of 2023. Dreyfus said he anticipates “large-scale reform of the Privacy Act” to occur next year. 

Read more


Google and YouTube content providers must face U.S. children's privacy lawsuit

A U.S. appeals court on Wednesday revived a lawsuit accusing Alphabet Inc’s (GOOGL.O) Google and several other companies of violating the privacy of children under age 13 by tracking their YouTube activity without parental consent, in order to send them targeted advertising. 

Read more


U.S. House administration arm bans TikTok on official devices

The UK government has published a guide to artificial intelligence (AI) regulation and introduced data protection and digital rights legislation into parliament as part of post-Brexit data reforms. The AI guide has been published to help develop consistent rules to promote innovation in technology while maintaining public protection.

Read more

Facebook parent Meta to settle Cambridge Analytica scandal case for $725 million

Facebook owner Meta Platforms Inc (META.O) has agreed to pay $725 million to resolve a class-action lawsuit accusing the social media giant of allowing third parties, including Cambridge Analytica, to access users’ personal information. 

Read more

Curated by: Prajwala D Dinesh, Ritwik Tiwari, Ayush Sahay


Keep up to pace with this high-impact weekly privacy newsletter that
features significant data privacy updates, trends, and tools that can
help to make your life secure & easier every day!

*By clicking on subscribe, I agree to receive communications from Tsaaro