Data Protection News Update 20 November 2023

United Kingdom

Former NHS secretary found guilty of illegally accessing medical records 

  • A former NHS employee has been found guilty and fined for illegally accessing the medical records of over 150 people.  
  • In June 2019, a complaint was raised by a patient who was concerned that their medical records had been accessed by an employee. An investigation revealed that Loretta Alborghetti, who worked as a medical security within the Ophthalmology department at Worcestershire Acute Hospitals NHS Trust when she illegally accessed medical records.
    • Ms. Alborghetti accessed the record of the individual who complained 33 times between March 2019 and June 2019, without consent or a business need to do so.
  • Ms. Alborghetti pleaded guilty to unlawfully obtaining personal data in breach of section 170 of the Data Protection Act 2018 and was ordered to pay a total of £648.  

Information Commissioner seeks permission to appeal Clearview AI Inc. ruling  

  • The UK Information Commissioner is seeking permission to appeal the judgement of the First Tier Tribunal (Information Rights) on Clearview AI Inc.  
  • In the Clearview AI judgement, the Tribunal supported the ICO’s view that US-based Clearview was processing personal information which related to the monitoring of individual’s behaviour through the collection of billions of facial images, which were then offered for access and analysis using AI to foreign subscribers. 
  • The commissioner considers the Tribunal incorrectly interpreted the law when finding Clearview’s processing fell outside the reach of UK data protection law on the basis that it provided its services to foreign law enforcement agencies.   

United States

Belgium defends tax data sharing during ‘accidental Americans’ lawsuit appeal 

  • Accidental Americans, who have U.S. citizenship but little connection to the country otherwise, want Belgium to stop sharing their financial information with the IRS.  
  • The Belgian government is appealing a ruling by its Data Protection Authority that prohibited transferring the financial information of Americans residing in Belgium to the U.S. Internal Revenue Service.
    • The ruling found that the government’s May bulk transfer of tax data of American citizens living in the country to the U.S. illegal under the EU General Data Protection Regulation.  
  • The original complaint was brought by the Association of Accidental Americans after the Belgian tax office transferred individuals’ tax data to the U.S. Internal Revenue Service.
    • The occurred under a bilateral agreement requiring Belgium to report tax information of U.S. citizens living there.  


EU faces privacy complaint over CSAM microtargeting ads it ran on X 

  • Privacy NOYB filed a complaint against the European Union Commission Directorate-General for Migration and Home Affairs for targeted advertisements related to an EU proposal to prevent child sexual abuse.  
  • NOYB claims the EU used targeted ads on X against the Digital Services Act that prevents “the use of sensitive personal data for ad targeting purposes.” 
  • The not-for-profit group also states it is considering filing a complaint against X for providing tools that enabled EU staffers to target ads using categories related to political opinion and religious beliefs- information that is known as “special category” data under the GDPR.

German public not convinced on benefits of data economy

  • A survey conducted for the Federal Association for the Digital Economy found that 75% of the 2,500 respondents in Germany do not see an economic benefit in digitalizing their data for processing.  
  • The distrust stems from concerns that the data will not be secure and used for the wrong purposes.  
  • Concerns are not so different from German businesses as a survey found only a third of companies in Germany are prepared to store, process, and utilise their data efficiently, with data sharing and processing being the most frequent legal concerns amongst businesses.  


Australia says hacks surging, state-sponsored groups targeting critical infrastructure 

  • State-sponsored cyber groups and hackers have increased assaults on Australia’s critical infrastructure, businesses and homes, a government report said, adding that its new defence agreement with Britain and the U.S. had likely made it more of a target. 
  • Reports of cybercrime surged 23% to more than 94,000 in the financial year until June stated the Australian Cyber Security Centre in its annual threat report.
    • It is estimated there was a hack on Australian assets every six minutes. 


More Posts

Send Us A Message