Data Protection News Update 11 May 2026

IGS
May 11, 2026

United Kingdom

How does live facial recognition work and how many UK police forces use it?

The Labour government wants all police force to use facial recognition technology as they deem it the biggest breakthrough for catching criminals since DNA matching. It has been announced 40 new vans rigged with live facial recognition cameras to be deployed in town centres across England and Wales.
The surveillance cameras that are being seen more in town centres is live facial recognition (LFR) technology that lets police scan every passing face, capture its biometric data and use AI-powered software a remote operations centre to compare it in real time with watchlists of people whom the police want to arrest or keep an eye on.
There are concerns that the live facial recognition technology has problems with racial bias. LFR has historically been more likely to make errors with people from minority ethnic backgrounds.
The ICO, the Equality and Human Rights Commission, and the courts have scrutinised the police force, however, last month backed the Metropolitan police’s use of the technology.
The next technology implemented could be cameras that analyse human movements for behaviours such as loitering or aggressive postures or even facial expression to infer emotional states.

United States

NYC public schools get lousy grade on protecting student privacy

A new audit by State Comptroller found that NYC public schools are suffering from omissions in student data privacy policies.
For example, it was found that the city’s school system doesn’t have written policies on risk assessment and data backups or keep a full list of all applications used by local schools.
The audit found that more than a quarter of school employees skip annual cybersecurity trainings and when a breach occurs, incidents are failed to be reported, or families are not notifying in a timely manner.
Between 2023 and 2025 there were 141 breaches and inadvertent data releases, also, it was found that officials delayed reporting 48% of incidents to the New York State Education Department.

Europe

Irish regulator investigates Shein over data transfers to China

An inquiry has been opened by Ireland’s Data Protection Commission into Chinese retailer Shein over the transfer of European users’ data to China.
It will be assessed and examined the extent to which the company’s Europe, Middle East and Africa headquarters in Dublin has complied with obligations under the EU privacy rules.
Only last year the DPC fined China’s TikTok 530 million euros over concerns about how it protects user information and ordered the short video platform to suspend data transfers to China unless its processing were made to comply.
Shein says they are fully committed to compliance and made a statement that they have been “actively engaging with the DPC in recent months on its data protection approach”.

International

OpenAI violated Canadian privacy laws, Watchdogs find

The Office of the Privacy Commissioner of Canada and provincial counterparts in Quebec, British Columbia and Alberta led a joint investigation that concluded that Open AI’s early methods for developing ChatGPT did not comply with Canadian privacy laws.
It was cited that there was overcollection, lack of valid consent, use of sensitive personal data and inadequate safeguards.
According to the regulators, ChatGPT’s datasets included information from publicly accessible sources such as social media, blogs, news articles that could contain sensitive details such as health conditions, political views and data about children.
OpenAI has not implemented measures to limit personal and sensitive information used for training and has committed to additional steps.

Australia’s ALS restored most services after cyber incident; data impact under review

ALS, a technical service provider, stated that unauthorised third-party access to parts of its IT systems caused a ‘temporary disruption’ to some of its operations, but most services were quickly restored.
ALS provides scientific testing services spanning commodities, food, and pharmaceuticals. It informed the Australian Cyber Security Centre, and is working with clients, authorities, and regulators to assess any data impact.
The breach was flagged as a malicious cyber activity and triggered immediate action from the IT and security teams at ALS.
ALS did not provide any timeline or details on when the disruption began.

For the latest updates on AI privacy concerns, including UK live facial recognition deployments, OpenAI privacy investigations, student data protection failures, cross-border data transfers, and global cybersecurity incidents, visit our Data Protection News hub.

Data Protection News Update 08 June 2026

United Kingdom OpenAI expands bank access to AI cybersecurity tool NHS Trust reveals patient data exposed in ransomware attack ICO secures £118,000 from former RAC

Retina scan of female eye, collage with futuristic data on virtual screen. User biometrical identification system

Data Protection News Update 01 June 2026

United Kingdom The UK government signed a three-year contract with to develop and trial AI facial estimation technology at borders, aiming to prevent adult migrants

3D Isometric Flat Vector Conceptual Illustration of Fine, Administrative Monetary Penalty.

GDPR Breach Fines: Understanding the Penalties

If your organisation processes personal data, which virtually every organisation does today, understanding the General Data Protection Regulation (GDPR) breach fines is crucial. While high-profile

New patient medical record form and stethoscope medical.

Data Protection News Update 26 May 2026

United Kingdom ICO puts forward recommendation to extend cookie consent exemptions to contextual advert cookies only 11 NHS staff members sacked for inappropriately accesses medical