Data Protection News Update 01 September 2025

IGS
September 1, 2025

United Kingdom

Apple warns UK against introducing tougher tech regulation

The Competition and Markets Authority (CMA) in the UK are planning to open up markets which are said to be too dominated by Apple and Google. The CMA wants Apple’s mobile technology to be exchanged and used by UK app makers – this is called “interoperability”.
Apple argues that the UK could face risks such as Apple features and enhancements being delayed. Apple says this happened to European users due to EU laws, which “sought to make it easier for smaller firms to compete with big tech”.
Apple’s comparison of UK competition rules with those in the EU have been rejected by the CMA, stating that they are to help businesses “innovate and grow”.
A statement released by Apple, found that the CMA’s approach “undermines the privacy and security protections our users have come to expect, hampers our ability to innovate and forces us to give away our technology for free to foreign competitors.” In response to Apple’s criticisms, the CMA has affirmed that the UK competition rules are designed to help UK businesses. It also added that driving greater competition need not undermine privacy.
The CMA has given companies to respond to the proposed UK competition rules and will make a final decision in October this year.

Government releases data breach review after questioning from Science, Innovation and Technology Committee chair

The Information Security Review which was carried out in 2023 following a series of high-profile public sector data breaches has been made public by the government.
Dame Chi Onwurah, Chair of Science, Innovation and Technology Committee, requested for this review to be published for ‘clarity about the government’s work to prevent a repeat of the 2022 MOD Afghan data breach.’
In a joint letter from Officials at the Cabinet Office and DSIT, Dame Chi has been informed that twelve of the review’s fourteen recommendations had been implemented. The Information Commissioner has called on the government to fully implement all the recommendations “as a matter of urgency”.
It has been found by the Information Security Review that a series of data breaches in the previous years have consistent themes in common, such as ‘the presence of hidden personal data within spreadsheets destined for publication or release.’

United States

Elon Musk’s Doge put sensitive social security data at risk, whistleblower says

Elon Musk’s “department of government efficiency” (Doge) made copies of sensitive Social Security Administration (SSA) data and uploaded the data to a “vulnerable cloud server”.
It is alleged that Doge officials uploaded highly personal information about “hundreds of millions of US citizens and residents”, including details such as names, race and ethnicity, and social security numbers.
The complaint was made from the chief officer at the SSA and alleged that the information is a “goldmine for bad actors” and “was placed on a server without independent oversight that only Doge official could access.
The SSA denied the allegations made and stated that they store “all personal data in secure environments that have robust safeguards in place.”

Why online forum 4Chan is suing Ofcom in the US

4Chan, an online forum, has launched a legal case against British Regulator Ofcom in the US, claiming that it attempted to “censor” the website.
The complaint against Ofcom who enforces the UK Online Safety Act, has been filed in a Washington DC Federal Court. 4Chan is aiming to ban Ofcom from enforcing the act against their website and another website called Kiwi Farms.
The complaint has come after Ofcom began an investigation into 4Chan in June due to receiving complaints about illegal activity on the site. The Online Safety Act says a “service does not have to be based in the UK to be subject to it and face action from Ofcom if it has a significant number of UK users or sees the UK as a target market”.
4Chan lawyers are reaching for the court to rule that US businesses with no physical presence in the UK are not subject to the laws. They also add that the Online Safety Act is in ‘conflict with US citizens’ free speech rights under the US constitution.’

Europe

Poland fines ING Bank Śląski 18.4m zloty over data privacy violations

ING Bank Śląski has been fined 18.4 million zloty by Poland’s data protection agency. It is the second-largest penalty for breaching EU privacy rules every issued by the agency.
The Personal Data Protection Office (UODO) said that the bank had “unlawfully scanned and stored customers’ and prospective clients’ identity cards between April 2019 and September 2020.”
Implementing an EU directive, Poland’s 2018 Anti-Money Laundering act includes that lenders can process and copy information from identify documents. However, this cannot be done in excess and there must be an adequate legal basis.
The bank claimed that they were complying with anti-money laundering rules. However, UODO said that the bank was scanning identify documents in cases not related to fulfilling obligations set out in the Anti-Money Laundering Act and exceeded what was required by law.
UODO noted that mass processing of personal data must be managed with a higher level of responsibility and due diligence on the part of the controller due to the negative consequences that it could have on many people.

European banks hit by rogue PayPal payments worth ‘billions’

It has been reported by Sueddeutsche Zeitung (SZ), a German newspaper, that payments of around 10 billion euros (£8.6bn) have had to be blocked, due to PayPal’s fraud-checking system failed.
The DSGV said that the incident “had significant effects on payment transactions across Europe, particularly Germany”.
The German Savings Banks Association (DSGV) confirmed that there had been a widespread of unauthorised direct debits from PayPal accounts against various credit institutions
A PayPal spokesperson stated that they identified the cause quickly and “are working closely” with their “banking partners to ensure that all accounts have been updated”. The DSGC confirmed that PayPal have resolved the problem.

International

AI boom boosts Nvidia despite ‘geopolitical issues’

Nvidia, a computer-chip designer, has been ‘boosted by big tech firms keen to expand their AI capabilities’ despite being ‘caught in the crossfire of a trade war between the US and China.
Nvidia’s products are in high demand from big tech firms such as Meta and OpenAI as they race to ‘build-out AI.’
Nvidia’s boss Jensen Huang successfully lobbied the Trump administration to reverse its ban on the sale of the company’s H20 chips, which were developed for the Chinese market. Afterwards, the company announced in July that the sales of its ‘high-end artificial intelligence chips’ to China would resume.
The reason for the ban was due to worries that the chips could benefit the Chinese military, in addition to AI developers based in the country
In the midst of US export restrictions, domestic chipmaking in China is on the rise and they are ‘cultivating competition in the sector that Nvidia currently dominates.’

Data Protection News Update 08 June 2026

United Kingdom OpenAI expands bank access to AI cybersecurity tool NHS Trust reveals patient data exposed in ransomware attack ICO secures £118,000 from former RAC

Retina scan of female eye, collage with futuristic data on virtual screen. User biometrical identification system

Data Protection News Update 01 June 2026

United Kingdom The UK government signed a three-year contract with to develop and trial AI facial estimation technology at borders, aiming to prevent adult migrants

3D Isometric Flat Vector Conceptual Illustration of Fine, Administrative Monetary Penalty.

GDPR Breach Fines: Understanding the Penalties

If your organisation processes personal data, which virtually every organisation does today, understanding the General Data Protection Regulation (GDPR) breach fines is crucial. While high-profile

New patient medical record form and stethoscope medical.

Data Protection News Update 26 May 2026

United Kingdom ICO puts forward recommendation to extend cookie consent exemptions to contextual advert cookies only 11 NHS staff members sacked for inappropriately accesses medical