Data Protection News Update 04 December 2023

United Kingdom

NHS England faces lawsuit over patient privacy fears linked to new data platform

  • The NHS has been accused of breaking the law by creating a massive data platform that will share information about patients. As a result, four organisations are bringing a lawsuit against NHS England, claiming that there is no legal basis for its setting up of the Federated Data Platform (FDP).
  • The four organisations will ask the High Court to launch a judicial review of the lawfulness of NHS England's decision unless NHS England can satisfy them that the NHS does have the legal powers to set up the FDP.
  • NHS England dismissed the four organisations' concerns as "totally incorrect" and insisted that it did have the legal authority to press ahead.

ICO reprimands council for disclosing domestic abuse victim’s details to ex-partner  

  • The ICO has issued a reprimand to Charnwood Borough Council after it disclosed the new address of a domestic abuse victim to her ex-partner.
  • The council’s process for updating addresses was not clear and a letter detailing the new address of the victim was sent to the previous address she shared with her ex-partner. It was confirmed that the letter was opened and read by the ex-partner.  
  • The ICO urges organisations to make sure that alerts are put on files if staff need to be especially vigilant when someone is a vulnerable service user, that a proper process is in place for address changes, and that data protection training is carried out (including refresher training).

United States

US federal judge rules against Meta in privacy fight with FTC

  • Meta Platforms, which owns WhatsApp, Instagram and Facebook, lost the latest round of a court battle over privacy after a federal judge ruled a U.S. regulator can seek to reduce the amount of money the social media company makes from users under 18.
  • The FTC accused Meta of misleading parents about how much control they had over who their children had contact with in the Messenger Kids app, among other issues.
  • The court ruled that the FTC can limit how much money Meta makes off advertising to users under 18 as part of a settlement over children’s online privacy.  


Personal health data: better portability and safe sharing  

  • Two European Parliament committees adopted a common position on the European Health Data Space (EHDS).  
  • The creation of an EHDS empowers citizens to control their personal healthcare data and facilitates secure sharing for research and altruistic (i.e., not-for-profit) purposes. This health data includes pathogens, health claims and reimbursements, genetic data, and public health registry information for reasons of health-related public interest.
  • Explicit permission by patients will be made mandatory for the secondary use of certain sensitive health data, as well as an opt-out mechanism for other data.  
  • The law aims to provide patients with a right of access to their personal health data across all member states’ respective health care systems, with each state creating a national health data access service. 


Australian privacy watchdog refuses to investigate employer that allegedly accessed worker's personal emails

  • The Australian information commissioner refused to investigate an employer that allegedly accessed an employee’s personal emails, on the grounds the information was accessed on the employee’s work laptop.  
  • Shayano Madzikanda was suspended from his job at the mining industry company Mecrus in June 2019. Madzikanda had used his work laptop for personal activity, including saving his passwords for online banking, emailing from his personal account and accessing his online cloud storage.
  • The grounds for his suspension were working on personal projects and contacting Mecrus' rivals during work hours. Madzikanda claimed his employer could only have known that by reading the contents of his personal emails and accessing information on his iCloud.
  • The employer told the information commissioner that the information investigated by the company had been stored on a company laptop, which was in line with company policy.  

