The Latest Privacy & Data Protection News for July 2023


Photo of author

Donata Stroink-Skillrud

Co-founder and President of Termageddon

Another month, another batch of privacy news. Let’s get into it.

In June, Texas passed its privacy laws – the Texas Data Privacy and Security Act, which will go into effect on July 1, 2024.  We’re tracking many more bills this year- make sure to follow us on social media at @termageddon for the latest updates! We hope that you find this newsletter helpful for staying up to date with the myriad changes in the privacy field. 

What’s new in privacy? 

Below are some of the most notable news in privacy from this month: 

  1. Texas Data Privacy and Security Act signed into law.  On June 18, 2023, the Governor of Texas signed the TDPSA into law. This new law will go into effect on July 1, 2024 and will require certain businesses to have a Privacy Policy with the specific disclosures enumerated in the law. The TDPSA will also provide privacy rights to residents of Texas such as the right to correct inaccuracies, the right to delete, the right to portability, the right to opt out of certain processing of personal information and the right to not be discriminated against for exercising privacy rights. Learn more here.
  2. CNIL fines advertising company 40 million euros. The online advertising company Criteo was fined for GDPR violations over not verifying individuals’ consent for data processing while violating principles for information and transparency, right of access, and data erasure. The investigation also found that Criteo placed tracking cookies onto a user’s device without first obtaining proper consent. Read more here.  
  3. NOYB files a complaint over Meta enforcement. The NOYB filed a complaint to Ireland’s High Court claiming that Ireland’s Data Protection Commission did not follow through on enforcement of GDPR violations by Meta. NOYB claims that the DPC failed to consider the effects of the reversal of a previous decision made against Meta and that the DPC failed to address nine issues raised about Facebook. Read more here. 
  4. US senators probe the privacy practices of Amazon Clinic. Senators have sent a letter to Amazon President and CEO about the privacy protections afforded to individuals enrolled in Amazon Clinic. The letter stated that Amazon provides no information as to why the company is collecting healthcare data or what purposes that data is used for. Read more here.
  5. Spotify hit with SEK58 million fine for GDPR violations. Sweden’s Data Protection Authority has issued Spotify a fine of SEK58 million. The DPA found that Spotify does not clearly inform individuals how their data is used by the company in response to data subject access requests. The DPA stated that Spotify must be more specific with its disclosure of data practices and make it easier for individuals to understand how the company uses their data. Learn more here.  
  6. FCC forms Privacy and Data Protection Task Force. The US Federal Communications Commission announced that it has formed a Task Force specifically for privacy and data protection. The Task Force will focus on approaches to data breaches and data security vulnerabilities while contributing to potential privacy rulemaking, enforcement and public awareness efforts. The goal of the Task Force is to protect the information and security of consumers. Learn more here. 
  7. UK Information Commissioner’s Office fines two energy companies. The UK ICO has fined two energy companies a combined GBP 250,000 for making illegal marketing phone calls to citizens and businesses on the country’s do not call register. Learn more here. 
  8. FTC and DOJ proposed $25 million fine against Amazon Alexa. The proposed action against Amazon Alexa includes the fines and various corrective measures over alleged privacy violations. The complaint states that the company violated COPPA stemming from data deletion and retention practices for children’s voice and geolocation data. Learn more here. 
  9. FTC announces $5.8 million fine against Amazon Ring. The fine is currently pending federal court approval and stems from allegations that Ring customers did not consent to video recordings being accessed by Amazon employees or to recordings being used to train algorithms. Read more here. 
  10. Microsoft updates Cookie Policy for Bing. Following a 60 million Euro fine from France’s Data Protection Authority, CNIL, Microsoft has updated its Cookie Policy for its Bing search engine. The fine stemmed from a misleading Cookie Policy that made it difficult for Bing users to decline data collection. Read more here. 

What privacy bills are we tracking? As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.


Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals: 

  1. Cloud/Privacy/AI: trends and legal implications – July 27, 2023
  2. Privacy game changes: a new wave of state laws – July 26, 2023
  3. Somebody’s watching me: surveillance in the face of rapidly accelerating AI – August 17, 2023.

If you made it this far, there’s a good chance you just can’t get enough of privacy. Be sure to subscribe to our podcast, Privacy Lawls, where we talk privacy with some of the leaders in the industry. 

Photo of author
About the Author
Donata Stroink-Skillrud

Donata is the Co-founder and President of Termageddon and a licensed attorney and Certified Information Privacy Professional. She serves as the Vice-Chair of the American Bar Association's ePrivacy Committee and the Chair of the Chicago Chapter of the International Association of Privacy Professionals.

Search the Site
Popular Articles
Browse by Category

Comparing Policy Generators

Cookie Consent Banner

Cookie Policy




How To's

Privacy Policy

Terms of Service

Subscribe for Updates