United Kingdom
PM: “No platform gets a free pass”: Government takes action to keep children safe online
- PM has announced new power to act within months to keep children safe amid rapid technology changes and will give parents and carers greater clarity.
- The new measures include crackdown on illegal content created by AI. The government are looking to move fast to shut down a legal loophole and force all AI chatbot providers to abide by illegal content duties in the Online Safety Act.
- This follows government action to call out abhorrent non-consensual intimate images being shared on Grok, which subsequently led to the function being removed.
- New legal powers are to lay the groundwork for immediate action following its consultation on children’s wellbeing online. This means that actions can be taken quickly and measures such as setting a minimum age limit for social media and restricting features like infinite scrolling that are harmful may be put in place.
ICO wins appeal over data protection obligations in Currys cyber-attack
- The Court of Appeal (CoA) has ruled in favour of the ICO in an appeal against a previous decision regarding the data protection responsibilities that arose after a 2018 cyber attack on DSG Retail – now operating as Currys Group Ltd.
- DSG was victim to a major cyber-attack during a nine-month period in 2017 and 2018. In the incident, cyber criminals installed malware on the firm’s point-of-sale (POS) devices and used it to steal personal data, including the credit and debit card details of millions of customers. In a small number of cases, names, postcodes and contact details were also taken.
- In January 2020, the ICO fined DSG £500,000 under the Data Protection Act (DPA) 1998 after its investigation found the retailer had failed to patch software systems, install firewalls, segregate its networks, conduct routine security testing, or protect personal data.
- In previous appeals, DSG argued that the seventh data protection principle (DPP7) of the DPA under which it was fined did not apply to the incident. This was initially dismissed, but the Upper Tribunal supported, prompting the ICO to seek permission to appeal.
- Lord Justice Warby concluded that when an individual to whom data relates is identifiable to a data controller, the data controller must safeguard that data against unauthorised or unlawful processing whether or not the person processing it can use it to identify the individual.
United States
The US demands exemptions for military and diplomatic staff in the EU’s digital borders system
- The US has demanded that the EU give preferential treatment to its diplomatic, military, and other personnel, exempting them from mandatory fingerprinting and facial scanning at the borders of the Schengen zone.
- The EU’s new digital border system, specifically the Entry/Exit System (EES), which is currently being rolled out, will largely replace passport stamps with biometric registration to track people travelling in and out of the Schengen zone of free movement.
- Various non-EU states have requested clarity on whether their diplomatic and other official personnel will be exempted from biometrics requirements – such as fingerprinting and facial scans.
- Template responses to the US demands have been offered to some member states. It acknowledged the categories of US personnel already exempt from the EES system and assure the US that in cases where an official on a new posting is obliged to register biometric information when first arriving at a Schengen border, that information will be deleted once the member state receives proper documentation of the official’s exempt status.
Europe
Wrongly sent emails ‘most common data breach’
- According to a data breach authority, emails being sent to incorrect recipients continued to be the most common type of data breach in Guernsey last year.
- The Office of the Data Protection Authority (ODPA) said it processed a total sixty-one self-reported breaches in the fourth quarter of 2025, one less than in the third quarter.
- According to the authority, in most cases an organisation became aware of the breach through their own employees suggesting “improved awareness from those handling personal data”.
- It said twelve of the breaches were classified as high-risk. Several of the breaches were caused by people using personal email accounts to send or receive work-related information.
International
- AI is filling the mental healthcare vacuum as many are unable to access or afford qualified therapists. Nigeria’s health system, including its mental health provision, has been underfunded for a long time.
- Between 2015 and 2025, Nigeria has consistently spent less than 5% of its budget to healthcare, with 4.2% allocated for 2026. On top of this, there are only 262 psychiatrists in a country of 240 million people, most people with mental health conditions will not be getting adequate treatment.
- The shortages have been exacerbated by the Trump administration dismantling USAID, which has badly impacted services in Nigeria. Commercial and nonprofit AI initiatives are starting to fill this vacuum. There are a range of platforms in Nigeria offering AI chatbots to provide emotional support.
- The technology used by these apps follows scripts written by Nigerian psychologists and therapist who deliver care to users.
- Some experts caution that AI cannot provide the same level of expertise as a qualified therapist. Now, medical professionals are calling on the Nigerian government to develop enforceable national standards for AI.
For the latest updates on EU’s new digital border system, US exemption demands, UK online safety reforms, ICO’s Currys cyber-attack ruling, and the rise of AI chatbots in Nigeria’s mental healthcare sector, visit our Data Protection News hub.
