Datatilsynet

The Danish data protection authority (‘Datatilsynet’) announced, on 18 October 2022, that it had met with other Nordic supervisory authorities in Helsinki, on 13 and 14 October 2022, to discuss current topics in data protection and share experiences. In particular, the Datatilsynet stated that the protection of children’s data is a special focus area for the Nordic supervisory authorities, as noted in the Declaration of Helsinki. As such, the Datatilsynet specified that the supervisory authorities have decided to set up a working group to deal with children and online games, which must also contribute to identifying opportunities for joint guidance effort and enforcement measures.

Information Commissioner’s Office (‘ICO’)

The Information Commissioner’s Office (‘ICO’) published, on 24 October 2022, a monetary penalty notice, in which it imposed a fine of £4.4 million on Interserve Group Limited, for violations of Articles 5(1)(f) and 32 of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), following an investigation by the ICO and the receipt of a personal data breach notification by Interserve.

French data protection authority (‘CNIL’)

The French data protection authority (‘CNIL’) announced, on 20 October 2022, that it had issued, on 20 September 2022, the Deliberation of CNIL’s Restricted Committee No. SAN-2022-019 of 17 October 2022, in which it imposed a fine of €20 million on Clearview AI Inc., for violation of Articles 6, 12, 15, 17, and 31 of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), following complaints by individuals and data protection authorities.