Data Protection News Update 27 October 2025

United Kingdom

Firm fined £100k after hack exposed patient data

  • A firm providing emergency medical services has been fined £100,000 after a serious data breach exposed sensitive patient information. 
  • Thousands of emails, some containing confidential health data, were stolen from the Medical Specialist Group (MSG) in Guernsey.  
  • The stolen data was used in phishing campaigns targeting patients, said the Office of the Data Protection Authority (ODPA).
  • The breach began in August 2021 but was not discovered until more than three months later. 
  • MSG said that it had made “major enhancements to its cybersecurity infrastructure, including substantial investment in new technology, system monitoring, and staff training.” 

Care providers to receive support for data and cyber security

  • Adult social care providers across England will receive £21 million over the next three-and-a-half years to strengthen their data protection and cyber security capabilities. 
  • The Department of Health and Social Care (DHSC) has confirmed continued funding for the Better Security and Better Care programme following a competitive tender.
  • The first service strand includes voluntary data and cyber health checks, delivered via local care associations, to help providers baseline and improve their data, privacy, and cyber practices.  
  • The second service strand includes dedicated transition support for enhanced standards, co-designed with the sector to ensure that data security and protection toolkit (DSPT) requirements remain proportionate and tailored for adult social care. 

United States

Two federal judges say use of AI led to errors in US court rulings

  • Two federal judges admitted, in response to an inquiry by U.S. Senate Judiciary Committee Chairperson Chuck Grassley, that members of their staff used artificial intelligence to help prepare recent court orders that Grassley called “error ridden.”
  • Both judges said they have since adopted measures to improve how rulings are reviewed. 
  • One of the judges has said his chambers have since created a written AI policy and enhanced their review process.
  • On a wider scale, lawyers have also increasingly faced scrutiny from judges across the United States for misuse of AI. Judges have given out fines or other sanctions in ‘dozens of cases’ over the past few years after lawyers failed to vet the output the technology generated. 

Amazon faces regulatory heat over Ring camera privacy

  • The Federal Trade Commission (FTC) has begun investigating Amazon’s Ring camera privacy practices after several complaints about unauthorised data access.
  • Consumers have raised concerns about potential breaches and misuse of Ring camera footage, prompting the FTC to review these allegations.
  • The investigation signifies a ‘growing trend of regulatory focus on data privacy,’ including home surveillance products.  

Europe

Experian fined EUR 2.7 million for mass-collecting personal data

  • Experian, one of the world’s largest credit reporting and data analytics companies, has been fined EUR 2.7 million for multiple violations of the General Data Protection Regulation (GDPR).  
  • The Dutch Data Protection Authority (AP) says the credit and analytics services company improperly used personal data collected from multiple sources, both public and private. Customers were not informed of this.  
  • In the Netherlands, the AP investigated the way Experian used the collected personal data after complaints were made by individuals.
  • The AP found that Experian collected data from multiple public and private sources, including the Chamber of Commerce trade register and telecom companies that sold customer information. 

Lithuanian startup offers to buy personal information; data protection concerns raised

  • Whitebridge AI, a Lithuanian-registered startup, is offering to buy “packages” of information about individuals.
  • The Lithuanian State Data Protection Inspectorate has launched an investigation into the legality of the processing of personal data and possible violations of the GDPR.
  • The AI startup has not responded to requests to provide individuals access to the information held about them, nor has it responded to requests for the deletion and correction of data.
  • The AI startup states that only publicly available information is being obtained and that the company ‘does not collect data without a request.’ 

International

New Zealand parliament to debate teen social media ban

  • A bill to restrict social media for children under sixteen will be introduced to the New Zealand parliament. This action is an effort to prevent young people from being harmed while online.
  • The proposed legislation will require social media platforms to conduct an age verification process, similar to Australia’s world-first teen social media ban law passed in 2024.  
  • Concerns have been raised about harms to mental health from the overuse of social media among teenagers, including bullying and misinformation.
  • Civil-liberties organisation PILLAR has said that the bill would not protect children online and would create ‘serious privacy risks and restrict online freedom for New Zealanders.’  
