dpas bulletin - june 2026
Welcome back to our monthly DPAS bulletin, where we cover the latest data protection news and developments from around the world.
Who will be left picking up the pieces when the AI hot potato goes off in healthcare? Which UK watchdog has gone after big tech with some teeth? Which UK watchdog intends to do nothing about misleading practices? Has the Information Commissioner saga finally ended? Will the Orwellian depiction of Europe in 2031 lead to anything?
Read about all this and more in our latest DPAS Data Protection Bulletin.
Don’t misdiagnose me, Mr. Roboto

You know, I don’t think doctors have enough to be concerned about as a profession. Thankfully, AI is looking to solve that. According to a rather sobering report from the Medical Protection Society (MPS), doctors and NHS organisations risk becoming the default liability sink for medical negligence when clinical AI tools (inevitably) mess up.
Under the UK’s current legal framework, if an AI misses a tumour on an X-ray or hallucinatingly suggests an unsafe dosage of something, it’s the clinician who signed off on it who will likely face the music. The MPS is rightly calling out this widening gulf between rapid tech adoption and lagging legislation, pleading with ministers to reclassify AI tools as “products” under the Consumer Protection Act 1987. That way, tech developers and manufacturers actually have to share the blame when their code goes rogue, rather than leaving doctors holding the liability hot potato.
Read more about this here.
CMA mauls Google AI overviews

The UK’s Competition and Markets Authority (CMA) has taken a bite out of big tech under its shiny new digital markets competition regime. The watchdog has issued a legal order requiring Google to give publishers a way to opt out of having their content used to power AI overviews.
Google has dispassionately scraped articles, regurgitated them into an AI summary at the top of the search page, and robbed publishers of the web traffic needed to keep the lights on. Now, Google has nine months to build tools that allow websites to refuse their advances. Most heartwarmingly, they cannot penalise those websites that do!
Even better, if they do let the AI use their content, Google is now legally required to give clear attribution and frictionless links back to the original source. Now this is my kind of AI news!
Read more about this here.
John Edwards resigns over “bad attempts at humour”

Though the details of what the former Information Commissioner explicitly said remain shrouded in secrecy, Science and Technology Secretary Liz Kendall referenced vulgar and highly sexualised language.
John Edwards, who has been back in New Zealand over the last few months, posted a surprising message on LinkedIn conceding his position. At least, in keeping with the theme of this bulletin, he found time to warn us all about the incoming AI tsunami before logging off for good.
Read more about this here.
2031: the sequel to 1984?

A coalition of European tech founders, policy experts, and venture capitalists has decided that standard white papers are no longer working. Their work, Europe 2031, linked below, is a novella-style horror about the EU’s current AI trajectory.
The premise is dark: individual American AI labs already wield more raw computing power than the entire European continent combined. By 2031, Europe’s regulatory posturing backfires completely. The US and China rapidly monopolise agentic AI. White-collar jobs are decimated. European cybersecurity is rendered obsolete overnight by frontier models. The EU is left economically hollowed out, politically irrelevant, and with absolutely nothing left to trade.
A dark read, but I enjoyed it. Personally, I’d put it above The Great Gatsby.
Is that an inflammatory statement to farm engagement or the opinion of a man running on little sleep after staying up to watch the delayed England v Mexico? You decide.
Read more about this here.
Your next favourite influencer might have an extra finger

If you’ve recently found yourself scrolling past an emotional video of a bride crying over a wedding app or a glamorous creator posing poolside in Bali, there’s a good chance neither of them actually exists.
An investigation by The Guardian has revealed that brands are quietly deploying hyper-realistic, AI-generated “influencers” to mimic real consumer experiences and push products. According to deepfake detection experts, the illusion is getting dangerously good. Allegedly, 70% of people can’t spot these fakes, leaving the door wide open for deceptive advertising. But don’t expect the regulators to rush to your rescue.
The UK’s Advertising Standards Authority (ASA) has already piped up to confirm that there is absolutely nothing in its rulebook prohibiting brands from using AI-generated clones without disclosure. The EU, at least, is prepared to enforce mandatory deepfake labelling under the AI Act.
On an unrelated note, I have come up with a completely original novella idea that I shall entitle UK 2031…
Read more about this here.
DUAA brings in complaints changes, and the fearmongering that follows reaches GDPR levels

If that headline confuses you, you may have missed the influx of calls urging you to reform your SAR process before June 19th! Of course, it is not a change that justifies anything near that dramatic of a response.
Put simply, every business, big or small, must provide a crystal-clear path for people to lodge complaints. The fearmongering around this was unjust because it was already the case before the DUAA codified it. The ICO was meant to be used as a last resort for complainants when a data subject has complained to the organisation but feels the organisation’s response is inadequate; only then should the complaint be escalated to the ICO for review. However, that middle part was being skipped over.
So, now we have it embedded in the legislation. If you get a complaint, you have 30 days to formally acknowledge it, investigate it and communicate the outcome. Will this change data subjects going straight to the ICO? Probably not, but at least it gives the ICO a sign to tap when they send the complainant back to the organisation.
Read more about this here.
GET IN TOUCH WITH US!

If you need any support in ensuring your organisation is complying with the relevant legislation, or require training in the areas of data protection and information security, get in contact with us.
Either call us on 0203 3013384, email us at info@dataprivacyadvisory.com, or fill out our contact form. Our dedicated team will get back to you as soon as possible.




