Data Protection Bites 2/2021

Since our previous newsletter on new trends in Latvia concerning personal data processing activities, disclosure of personal data in public registries is still one of the most relevant discussion subjects. New information has been published regarding the administrative case initiated by the Data State Inspectorate (supervision authority) against one of the largest Latvian IT companies, which ensures its users with an access to a platform, where information about company board members, shareholders, and ultimate beneficial owners can be found.

In Indonesia, as of the date of this publication there is no general law on data protection. In January 2020, the Government of Indonesia officially submitted the final draft bill on Protection of Personal Data as an overarching data privacy law in Indonesia, which was included as a prioritized bill within the 2020 National Legislation Program, which is a list setting out prioritized draft legislation.

In consideration of the extremely sensitive data they process and in accordance with the data protection regulations, healthcare organizations are required to adopt appropriate technical and organizational measures to safeguard the protection of their patients' data.

The Polish Administrative Court (Polish: Wojewódzki Sąd Administracyjny), overturning a penalty imposed by the Polish Supervisory Authority, has interpreted in its judgment the principle of data minimisation expressed in Article 5(1)(c) and the grounds for processing of special categories of personal data expressed in Article 9 of GDPR.