United Kingdom
ICO warns of legal action over distressing UK care-record access process
- The UK ICO has raised concerns over the long process when people try to exercise their right to access their care records with their local authorities.
- The waiting period to obtain one’s care records from their local authority is nearly 16 years. The ICO also highlighted the “cold bureaucracy, long delays and pages of unexplained redactions, which can have devastating consequences”.
- To this end, the ICO recently served Bristol City Council with an enforcement notice for delays in actioning a child social care data access request, and fined Birthlink, a Scottish charity, with £18,000 after it destroyed 4,800 personal records comprising of handwritten letters and photographs.
- In response to the ICO, chair of the Local Government Association’s Children, Young People and Families Committee, said that although the councils wants to provide people with access to their care records in a reasonable time period, they lack the resources to do so.
Data of Royal Cornwall Hospital’s staff disclosed in a data breach
- Personal data of 8,100 current and former employees of the Royal Cornwall Hospital was leaked in a data breach after an editable spreadsheet containing staff data was disclosed.
- Personal data included information collected between April 2020 and March 2023 comprising of the names and job titles of the employees, descriptions of their sickness leaves. No patient or financial data was disclosed.
- The hospital commented that it has taken steps to ensure highest standards of data protection, including removing the spreadsheet from its website disclosure log.
- The Information Commissioner’s Office (ICO) was informed of the data breach, however post investigation it decided that no further action is necessary.
United States
US will now require social media disclosures for visa-waiver requests
- Citizens of countries like the UK and France, covered by visa-waiver schemes, will have to disclose past five years of their social media history to visit the US, according to the Department of Homeland Security.
- This proposed change will affect citizens of 42 countries who are allowed to stay in the US for up to 90 days without a visa after a pre-travel screening.
- This new rule is likely to negatively affect tourism in the US, especially with the country hosting next year’s football World Cup.
- The Department also introduced additional changes, including requiring a ‘selfie’ alongside the visa application, in addition to passport photos.
- These proposals are subject to a 60-day notice period. However, all immigrant and non-immigrant visa applicants are already requiring listing social media handles used in the past five years.
Europe
- Italy using its “golden-power” legislation, applicable to domestic or foreign deals affecting the country’s important assets, has ruled that consumer data of Ceconomy’s Italian subsidiaries should be kept separate to JD.com.
- The Italian government held that JD.com’s access to large-scale personal data held by Ceconomy poses a security risk to Italy and other EU member states.
- JD.com has committed to storing data of Italian consumers exclusively in EU data centres.
- It is argued that this move comes after growing risk of Chinese companies flooding EU markets with goods at lower price to make up for losses from US trade.
- The Austrian government has also asked the Italian government for clarification on this deal.
Meta to provide EU Instagram and Facebook users with the option of sharing less data
- EU Instagram and Facebook users will have the option to share less data with Meta in exchange for receiving ads which are less personalised.
- EU users will be the first in the world to receive this option to opt-out without paying a subscription fee.
- This announcement comes after Meta was fined €200 million in the EU for imposing a ‘consent or pay’ system on its users which forced them to either pay a subscription fee or share their personal data for targeted ads.
- The EU has been facing criticism from the Trump administration when targeting American tech companies.
International
Human rights group asks Irish Data Protection Authority (DPA) to investigate Microsoft
- The Irish Council for Civil Liberties (ICCL), a human rights group, has asked the Irish DPA to investigate Microsoft over alleged unlawful data processing by the Israeli Defence Forces.
- This formal request comes after publication in Israeli-Palestinian magazines about large-scale data from Palestinian phone calls being stored in Azure, Microsoft’s cloud service, as part of mass surveillance by the military.
- The executive director of ICCL said that the DPA should assess their compliance given the use of EU infrastructure to enable surveillance is causing real-world violence.
- In response, Microsoft ordered an urgent external inquiry into its relationship with Unit 8200, the Israeli military’s spy agency, followed by cancelling some of its cloud storage and AI services provided to the Unit.
For the latest updates on the US visa social media requirement, UK ICO concerns over care-record delays, Royal Cornwall Hospital data breach, EU rulings on Meta and JD.com, and international privacy investigations, visit our Data Protection News hub.
