Key developments
Appeals court fight over Rhode Island minors' records
Rhode Island's Child Advocate filed an emergency motion in the 1st Circuit in Boston to stop Rhode Island Hospital from producing minors' gender-care records. The filing follows a Texas order from U.S. District Judge Reed O'Connor directing the hospital to turn over five years of records, even though Rhode Island judge Mary McElroy had quashed a DOJ subpoena and barred federal access. The records reportedly include names, diagnoses, gender identity, mental-health history, family and foster-care information, consent records, and treatment histories.
Why it matters
It could determine whether highly sensitive pediatric medical records stay confidential despite cross-jurisdiction subpoenas.
Sources & driving stories
DEMOCRACY FORWARD
Democracy Forward coverageTHE PROVIDENCE JOURNAL
The Providence Journal coverageUK regulator moves against deepfakes and intimate images
Ofcom said it will update its codes of practice to require tech companies to remove non-consensual intimate images and curb AI-generated deepfakes. The changes are slated for autumn, pending UK Parliament action, and would expand hash matching to catch repeated or similar uploads. The move aligns with new UK rules banning nudification tools and requiring takedown of such images within two days.
Why it matters
It would sharpen platform obligations around intimate imagery and AI-generated abuse content.
Sources & driving stories
THE RECORD · Suzanne Smalley
The Record coverageDisney sued over theme-park facial recognition
A class action filed in California alleges Disney used facial recognition at Disneyland and Disney California Adventure entrances without clear notice or meaningful consent. The complaint says biometric data was collected from adults and children, disputes Disney's 30-day deletion claim, and alleges entry scans are compared with photos submitted when park passes are purchased. Plaintiffs seek $5 million in damages and a written-consent requirement.
Why it matters
The suit tests how major consumer venues disclose, retain, and obtain consent for biometric data.
Sources & driving stories
USA TODAY · Zach Wichter
USA Today coverageWorth noting
WORTH NOTING
Shadow AI use jumps fourfold
Verizon's DBIR says 67% of regular workplace AI users were on unauthorized personal accounts, increasing the risk of sensitive data leaving corporate controls.
WORTH NOTING
Microsoft details Azure theft tactics
Storm-2949 abused SSPR, Graph API, Key Vault, and Azure RBAC to steal secrets and exfiltrate OneDrive and SharePoint data from production environments.
WORTH NOTING
Škoda discloses e-commerce breach
The company said attackers exploited an online-store vulnerability to access customer names, contact details, order histories, and hashed passwords, raising phishing and credential-stuffing risk.
Still unclear
OPEN QUESTION
Can the Boston appeal stop disclosure first?
Once the records leave Rhode Island Hospital's custody, the privacy harm may be irreversible.
OPEN QUESTION
Will Ofcom's autumn code change behavior?
The impact depends on Parliament's approval and whether hash matching and two-day takedowns actually reduce NCII and deepfake spread.