Global Updates – April 2023
Global updates – a quick glance
Argentina: Companies with 100 or more employees to provide child-care spaces or non-remunerative allowance in lieu of child-care spaces by July 31, 2023.
Australia:
Bulgaria: Amends VAT Act to revise turnover threshold for VAT registration and raises refund thresholds effective from January 1, 2023.
Canada:
China:
France:
Honduras: Changes in Individual income tax slabs published for 2023. No change in rates.
Hong Kong:
Hungary: Effective from January 1, 2023, mothers aged between 25 and 30 years of age exempted from personal income tax, subject to monthly salary cap.
Germany: Elimination of the obligation to submit the certificate of incapacity for work to the employer by employees who are members of the statutory health insurance, effective from January 1, 2023.
India:
Ireland:
Israel: The Tax Authority publishes updated personal income tax slabs and rates for 2023.
Italy: Italy Budget 2023 introduces changes in parental leave and social security contribution relief to employees as well as employment incentives for recruiting certain categories of employees.
Japan: Unemployment insurance contribution on salaries increased from 1.35% to 1.55% effective from April 2023.
Malaysia:
Philippines: Monthly VAT returns replaced by quarterly VAT returns from January 1, 2023.
Poland: Remote work regulations and employee sobriety check regulations effective from February 21, 2023, and April 7, 2023, respectively.
Serbia: E-invoicing applicable to business-to-business (“B2B”) transactions from January 1, 2023.
Singapore: Budget 2023 receives assent from the President on March 23, 2023; Enterprise Innovation Scheme introduced; Paid paternity leave increased from 2 weeks to 4 weeks for children born on or after January 1, 2024; GST rates to be increased.
South Africa: South Africa announces national budget, revises personal income-tax slabs and rates and corporate tax rates effective tax year 2023.
Spain: Companies to have internal information and reporting system for whistle-blower protection.
Switzerland: Two weeks adoption leave introduced from January 1, 2023, for employees.
Taiwan: Increases exemption limit for Income Basic Tax (alternative minimum tax) for companies from 2023.
Thailand: Labor Protection Act amended to facilitate remote working and work-from-home from April 18, 2023.
United Kingdom: Finance Bill 2023 published to implement announcements in Spring Statement such as pension tax relief, transfer pricing documentation and global minimum tax provisions.
Data Protection Fines Table |
||||
Country |
Authority Name |
Fine imposed on |
Reason For Fine Related to Data Protection Failure |
Amount of Fine |
France |
The French Data Protection Authority (Commission nationale de l'informatique’et des libertés/CNIL)
|
APPLE INC. and its subsidiaries (collectively the "APPLE Group"), a multinational company engaged in designing, manufacturing, and selling smartphones, personal computers, tablets, wearables, accessories and sells a range of related services. |
Fine was imposed for failure to obtain direct/indirect consent from users for processing their data for targeted advertising in Apple Stores. |
EUR 8 million |
France |
The French Data Protection Authority (Commission nationale de l'informatique’et des libertés/CNIL)
|
Microsoft Ireland Operations Limited, a multinational company engaged in the business of software development. |
Fine was imposed for making the mechanism for refusal of cookies more complex as compared to the mechanism to accept cookies and thus nudging users to accept cookies. CNIL concluded that this infringes the freedom of consent of internet users. |
EUR 60 million |
France |
The French Data Protection Authority (Commission nationale de l'informatique’et des libertés/CNIL)
|
TikTok, a multinational company engaged in providing social networking platform to users |
Fine was imposed for the platform’s violation regarding consent for cookies. CNIL concluded that it did not provide users with an appropriate option to opt out of cookies. |
EUR 5 million |
France |
The French Data Protection Authority (Commission nationale de l'informatique’et des libertés/CNIL)
|
Cityscoots SAS, a company engaged in the services of renting cars, electric scooters, and motor vehicles. |
Fine was imposed for breach of data minimization obligation as it collected data of the geolocation of vehicles every 30 seconds and kept a record of this information. |
EUR 125,000 |
Hungary |
The National Authority for Data Protection and Freedom of Information ('NAIH') |
TV2 Média Csoport Zrt., a media company engaged in managing the television portfolio.
|
Violation of the principle of fair and transparent data management in respect of personal data managed on the websites. It was asked by the authorities to bring the data management in line with the GDPR, including providing adequate information and having legal grounds of processing. |
HUF 10 million |
Ireland |
The Data Protection Commission (“DPC”) |
WhatsApp Ireland Limited, a company in the social media service industry. |
Fine was imposed for forcing users to provide consent which violates GDPR principle of free and informed consent. Also, the company provided insufficient clarity as to the purpose and nature of processing operations carried out on the user’s personal data. |
EUR 5.5 million |
Ireland |
The Data Protection Commission (“DPC”) |
Centric Health Ltd., a company engaged in providing health care services. |
A fine was imposed for not sending notifications about ransomware attacks to the patients whose sensitive data was compromised during the attack. The attack caused loss and alteration of personal and special category data of around 70,000 data subjects. |
EUR 460,000 |
Ireland |
The Data Protection Commission (“DPC”) |
Meta Platforms Ireland Limited, a multinational company. (Operating as the data controller of the social media platform – Facebook and Instagram both of which are multinational Information Technology companies). |
A fine was imposed for breaches under GDPR on Facebook and Instagram services for lack of transparency and clarity to users in relation to purpose and processing operations carried out on their personal data. DPC has directed both to reassess the legal basis for running of advertising based on personal data in the European Union. |
EUR 210 million - for breaches of the GDPR relating to its Facebook service.
EUR 180 million- for breaches in relation to its Instagram service. |
Italy |
Italian data protection authority ('Garante') |
Areti S.p.A, a company engaged in electricity distribution services. |
Fine was imposed for the following reasons:
|
EUR 1 million |
Italy |
Italian data protection authority ('Garante') |
Edison Energia S.p.A, a company engaged in providing electricity and natural gas. |
Fine was imposed for the following reasons:
|
EUR 4.9 million |
South Korea |
The Personal Information Protection Commission ('PIPC') |
Meta Platforms Inc (builds technologies that help in connecting people and grow businesses). |
A fine was imposed on the grounds that Meta banned users from accessing Facebook and Instagram services where users did not consent to collect behavioural data. PIPC also directed Meta to change its policies in addition to a levy of fine. |
KRW 6.6 million |
United Kingdom |
The Information Commissioner’s Office (“ICO”) |
It’s Ok Limited, a company engaged in the service of repair of household appliances, home, and garden equipment, etc. |
Unlawfully making marketing calls to people registered with the Telephone Preference Service (“TPS”) |
GBP 200,000 |