UK Information Commissioner's Office rebukes Post Office after preventable data breach
The United Kingdom ("UK") ICO has reprimanded the Post Office after a data breach exposed personal details linked to the Horizon Information Technology scandal. The incident arose when a legal document was published online without redactions, revealing names and home addresses of 502 former postmasters and putting them at risk of data misuse and further distress. The ICO found basic data-protection safeguards were missing, including proper checks before publication, sufficient staff training, and clear guidance on handling sensitive information. The regulator opted for a reprimand over a fine, while underscoring the importance of integrating data protection into everyday organizational processes.
India's government-mandated cybersecurity app for new smartphones
India's Department of Telecommunications required new smartphones to be sold with the government-run Sanchar Saathi cybersecurity app pre-installed and initially non-removable, aiming to combat telecom fraud and stolen devices. Although the app enables International Mobile Equipment Identity ("IMEI") verification and the reporting of fraudulent, lost or stolen phones, critics argued that compulsory installation undermined meaningful consent, reduced user control, and raised concerns over potential government surveillance due to unclear limits on data access. Following domestic and international criticism, the mandate was withdrawn and the app deemed voluntary and deletable, yet the government did not clarify how deletion would work given the app's non-disableable features, raising doubts about the effectiveness of user consent.
United States proposal on social media disclosure for visa-waiver travel
The US Department of Homeland Security has proposed requiring travellers under the visa-waiver program to disclose five years of social media activity during pre-travel screening. The measure would affect nationals of 42 countries, including the UK and France, who may currently enter the US for up to 90 days without a visa. The proposal introduces additional requirements, including the submission of a selfie alongside passport photos. The proposal is subject to a 60-day notice period. However, social media disclosure already applies to immigrant and non-immigrant visa applicants.
Irish Data Protection Authority asked to probe Microsoft over alleged unlawful data processing
The Irish Council for Civil Liberties ("ICCL"), a human rights group, has formally requested that the Irish DPA investigate Microsoft over alleged unlawful processing of personal data linked to the Israeli Defence Forces. The request follows media reports that large volumes of Palestinian communications data were stored on Microsoft's Azure cloud as part of military surveillance operations. ICCL urged the DPA to assess compliance, warning that EU-based infrastructure enabled harmful surveillance. Microsoft responded by launching an external review and cancelling certain cloud and Artificial Intelligence services to Unit 8200, the Israeli military's spy agency.
Pennsylvania Supreme Court on warrantless access to Google search data
The Pennsylvania Supreme Court concluded that individuals do not have a reasonable expectation of privacy in general, unprotected Google search records. In Commonwealth v. Kurtz, law enforcement obtained search records from Google through a reverse keyword warrant, linking searches of a victim's details to the defendant's IP address. The majority reasoned that when users conduct searches on Google, they voluntarily disclose the content to third parties, removing any constitutionally recognised privacy interest. Although a warrant existed in this case, the key issue was whether privacy protection would apply even without one. The Kurtz majority held that, absent additional privacy safeguards, Google search queries are knowingly and voluntarily shared with search providers and therefore do not give rise to a reasonable expectation of privacy under Pennsylvania law.
European Union reaches compromise on chat-scanning rules amid privacy concerns
EU member states have agreed on a common position for a long-debated Child Sexual Abuse Regulation aimed at preventing and combating online child sexual abuse, including the controversial chat-scanning proposal. After intense pushback from citizens and privacy advocates, the Council dropped the most contentious element, mandatory detection of private communications, in favour of allowing platforms to carry out voluntary detection as part of their existing risk-mitigation frameworks. Despite the changes, privacy advocates argue the framework still creates indirect pressure on platforms, including those using end-to-end encryption, to adopt technologies that could enable broad surveillance practices.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.