Should we make money from our data? Top summer stories

Major data leak in the UK puts Afghans at risk

In the UK, it has come to light that thousands of Afghans have been relocated to the country through a secret scheme launched after their personal data was leaked in 2022. The leak included names, contact details, and family information of individuals potentially at risk of being targeted by the Taliban. The data breach – one of the worst in the history of the UK – affected 19,000 people, of whom 4,500 have so far been relocated to the UK. The information was leaked by a British official who blamed it on a spreadsheet being sent via email “outside authorised government systems,” calling it a “serious departmental error.”

For those following UK data protection developments, it has now been officially confirmed that the country's adequacy decision has been extended for six months, until 27 December. Until that date, the UK will continue to be considered a safe third country for data transfers.

Denmark’s EU presidency: “Our digital rules must be simplified”

In the EU, Denmark has assumed the Presidency of the Council. The Danish Minister for Digitalisation Caroline Stage insists that the AI Act and the Digital Services Act, alongside the GDPR, must be part of the digital omnibus package coming this December.

“We should look through all of our digital regulations and we should all, all 27 member states, look into where we can simplify them,” she told Euronews.

She also aims to use the Presidency to push for better protection of children on social media. Denmark has also published its official programme for the Presidency, which includes efforts to simplify data exchange between businesses and authorities, and to initiate negotiations on a revision of the Cybersecurity Act. The revision aims to strengthen the EU’s cybersecurity agency (ENISA) and introduce further security obligations concerning supply chain security.

Peeking into the CPR register leads to attempted murder

In Denmark, a debate has erupted after it was revealed that a former student assistant at the Copenhagen Municipality had accessed the CPR register and sold personal data for use in gang-related activity and for attempted murder. The municipality claims it is not their responsibility to monitor employees’ access to the register since they do not own the system. However, the CPR Office, which manages the register, argues it is up to the municipalities to perform such controls.

IT lawyer Allan Frank from the Danish Data Protection Agency explains that the CPR register is misused almost daily – though not usually in such extreme cases – and suggests that citizens themselves should give consent whenever an authority wants access to their data.

Brazilians can make money from their personal data

Finally, we end with a story from Brazil, where the world’s first pilot project has been launched to let citizens earn money from their personal data. ‘dWallet’, led by the state-owned tech agency Dataprev in collaboration with California-based DrumWave, allows users to store data generated through daily digital activity and accept bids from companies that want access.

The initiative is being praised by investors as a blueprint for a fairer digital economy. It can be compared to third-party cookies, except instead of just accepting or rejecting, users can choose to get paid. Critics, however, warn that the project risks creating a data ecosystem driven not by trust and integrity but by who can pay the most.

‍