dpas bulletin - february 27
Welcome back to our monthly DPAS bulletin, where we cover the latest data protection news from all around the world.
Why has Apple removed Advanced Data Protection for UK users? What AI grandmother has been tasked with frustrating scammers? And why is the government considering a mandatory open banking model?
Read about all this and more in our latest DPAS Data Protection Bulletin.
Half of “knowledge workers” found to use personal AI tools, even if unapproved
A recent survey by Software AG has revealed that half of all knowledge workers (defined in the survey as employees who work primarily at a desk or computer) use personal AI tools, even if not approved in the workplace.
Some of these employees do this due to a lack of AI tools provided by their employer, whereas others do so because they prefer alternatives to the tools given to them. A software engineer at a financial services technology company explained that he doesn’t bother seeking approval simply because it avoids a lengthy process.
Read more about this here.
AI grandmother bot “Daisy” used to waste scammers’ time
An AI bot designed to waste phone scammers’ time and combat fraud has been rolled out by O2 – one that takes the form of an elderly grandmother named “Daisy”.
Daisy is designed to inundate scammers with irrelevant questions and tangents, stalling them by acting as if she can’t find where to click, changing the subject, and acting like a typical non-computer savvy grandma. Example calls have demonstrated Daisy to frustrate scammers with phrases like, “I see a lot of options, dear. It says things like back, forward, reload and, oh, what’s this? Save as. How do I find the homepage?”
Read more about this here.
South Korea accuses DeepSeek of sharing data with ByteDance
DeepSeek was removed from Apple and Google’s App Stores in South Korea earlier this month (but not until over a million users had already downloaded it) due to concerns that user data was being shared with TikTok owner ByteDance.
The Personal Information Protection Commission (PIPC), the nation’s data regulator, claims that they “confirmed DeepSeek communicating with ByteDance”, but despite this, were “yet to confirm what data was transferred and to what extent”. While DeepSeek has been removed from the aforementioned app stores, existing users can still access it, and the program remains available via web browsers.
Read more about this here.
UK and US choose to not sign declaration at Paris AI Action Summit
At a significant Paris AI summit, the UK and US have decided not to sign a declaration on “inclusive and sustainable” artificial intelligence.
This declaration, prioritising “making AI sustainable for people and the planet”, received backings from 60 other nations, including France, China, and Canada. However, the UK and US were two that chose not to sign. The reasons for these refusals were rather different. US Vice President JD Vance warned against overly strict regulations that could “kill a transformative industry just as it’s taking off”, stating that “pro-growth AI policies” were more of a priority. The reason behind the UK’s refusal to sign was due to concerns that the declaration didn’t “provide enough practical clarity on global governance, nor sufficiently address harder questions around national security and the challenge AI poses to it”, according to a government spokesperson.
Read more about this here.
Government considering open banking model to combat welfare fraud
According to the Department of Work and Pensions (DWP), it’s predicted that the amount of money lost to fraud will rise every year by five per cent – a trend which is projected to continue for the next five years. Since COVID, £35 billion in total has been incorrectly paid to individuals not entitled to the money, a significantly higher amount than before the pandemic. For example, the figure in 2018-19 was only £3.9 billion in comparison.
To counter this, Labour is therefore investigating the possibility of an open banking system to truly crack down on fraud, a move which is being met with some concern and criticism. For example, Jasleen Chaggar of privacy campaign group Big Brother Watch, warns that “mandatory open banking would give DWP civil servants constant access to the bank statements of welfare recipients, revealing deeply private information about their movements, associations, political donations, sexual preferences and religious beliefs”.
Read more about this here.
ICO issues enforcement notice to Dorset County Hospital NHS Trust
The Information Commissioner’s Office (ICO) has issued an enforcement notice to Dorset County Hospital NHS Trust (DCHT).
This follows evidence witnessed by the ICO that the organisation was failing to fulfil their statutory obligations under the Freedom of Information Act. DCHT only had a 15% average compliance rate for responding to requests within 20 working days in the 12 months prior to the enforcement notice, and also had a “significant backlog” of older requests.
Read more about this here.
Apple removes data protection tool following UK government’s request for access
The UK government recently made a request to Apple for the ability to access data encrypted using Apple’s Advanced Data Protection (ADP) for the purposes of investigating criminal activity. In response, Apple ultimately decided to remove this feature for UK users.
ADP is an extra layer of protection that users could utilise for data stored in Apple’s iCloud servers, and is known as “true end-to-end encryption”. Information stored using this tool can only be viewed by the account user, and is even inaccessible to Apple (unless they are legally compelled to gain access). New users will now be unable to use ADP, and existing users will have access for a little while longer, but will also have this tool removed for them in the near future.
Read more about this here.
ICO publishes updated response to Data (Use and Access) Bill
As the Data (Use and Access) Bill has now completed its passage through the House of Lords and was subject to a number of amendments, the Information Commissioner has published his updated response to the Bill.
Overall, the Commissioner states that he continues to support the Bill as “improving the effectiveness of the data protection regime in the UK, upholding people’s rights, providing regulatory certainty and clarity for organisations and improving the way the ICO regulates”. In this updated response, he goes into detail about the various amendments since the Bill was introduced, and his current thoughts on these.
Read more about this here.
ICO announces date for DPPC 2025
This month, the ICO announced the date for their next free virtual data protection conference.
On October 14th 2025, the Data Protection Practitioners’ Conference, or DPPC, will be taking place. The previous instalment of this event boasted a huge 5,700 people tuning in, with 97% of respondents claiming to have learned something useful from it. The ICO has opened up suggestions from newsletter subscribers for what they’d like to see this year.
Read more about this here.
GET IN TOUCH WITH US!
If you need any support in ensuring your organisation is complying with the relevant legislation, or require training in the areas of data protection and information security, get in contact with us.
Either call us on 0203 3013384, email us at info@dataprivacyadvisory.com, or fill out a contact form. Our dedicated team will get back to you as soon as possible.
