Data Protection News Update 27 November 2023

United Kingdom

Patient privacy fears as US spy tech firm Palantir wins £330m NHS contract

  • NHS England has given US spy tech company Palantir and four partners including Accenture a £330m give-year contract to set up and operate the “federated data platform” (FDP).
  • The platform will be based on software that will allow individual health service trusts as well as the NHS’s 42 integrated care systems to “talk” to each other digitally and share data in an attempt to prove care, cut waiting times and make the service more efficient.
  • This decision has sparked concern from tech, medical and civil liberties groups, voicing unease about Palantir and the potential for patients’ data being mishandled.
  • The public needs assurance that their personal information won’t be harvested by Palantir for purposes that have little to do with their health.

Independent UK data transfer council publishes international transfers report

  • The International Data Transfer Expert Council introduced an independent report to the U.K. Department for Science, Innovation and Technology with recommendations on the goals for sustainable international data transfers. The report details the importance of collaboration with the EU on personal data protection. The council’s goal is to “foster a more consistent global dialogue about where surveillance and government access could pose a risk of harm.” 

United States

Secretive White House Surveillance Program Gives Cops Access to Trillions of US Phone Records

  • U.S. Senator Ron Wyden, D-Ore., wrote a letter to U.S. Attorney General Merrick Garland questioning the legality of the Data Analytical Services (DAS), a government surveillance program that provides phone records to law enforcement agencies.
  • The DAS has for more than a decade allowed federal, state, and local law enforcement agencies mine the details of Americans’ calls and analyze the phone records of people not suspected of any crime. This program runs in coordination with AT&T, who captures and conducts analysis of US call records for law enforcement agencies. There is no law requiring AT&T to store decades worth of Americans’ call records for law enforcement purposes.
  • Records show that the White House has provided more than $6 million to the program.
  • Wyden claims that the program is a violation of privacy that would justifiably outrage many Americans and other members of Congress.


EU countries call for ‘overarching and comprehensive evaluation’ of data protection law

  • The EU Council of Ministers consider the GDPR a ‘success’ and calls for a comprehensive evaluation next year rather than a reopening of the legislation.
  • The Council points out several ‘practical implementation challenges’ for private and public entities and calls for further clarifications and a strategy for future data adequacy decisions.
  • The European governments have invited the Commission to conduct “an overarching and comprehensive evaluation” of the application and functioning of the data protection law in the review report that the EU executive is due to publish next year.


LockBit may have stolen 24 years of data on Canadian government employees 

  • Ransomware group LockBit claimed responsibility for data breach that stole 1.5 terabytes of data from Canadian government employees.
  • Data potentially affected included personal information and financial data.
  • The Treasury Board of Canada Secretariat said it is working to identify specific employees affected, however, any employee who used two specific government contractors since 1999 could have had their data compromised.
  • Services are being offered to all current and former employees of the government and officials also urged those potentially affected to update their login credentials, enable multi-factor authentication and monitor their online accounts for unusual activity.


More Posts

Send Us A Message