Cybersecurity

Austrian DPA finds Microsoft 365 Education violates GDPR

Microsoft has been found in violation of the EU’s General Data Protection Regulation (GDPR) over how its Microsoft 365 Education platform handles student data.

The Austrian Data Protection Authority (DSB) issued the ruling after a student, represented by privacy group noyb, was denied full access to their personal data. The complaint exposed a three-way responsibility gap between Microsoft, schools, and national education authorities.

During the COVID-19 pandemic, many schools adopted cloud-based tools like Microsoft 365 Education. However, Microsoft shifted responsibility for GDPR compliance onto schools and ministries, which often lack access to, or control over, student data processed by Microsoft.

In this case, Microsoft redirected the student’s data request to their school, which was unable to provide complete information.

The DSB found Microsoft guilty of multiple GDPR breaches. These included the illegal use of tracking cookies without consent and failing to provide the student full access to their data, violating Article 15.

Microsoft was also ordered to clarify how it uses data for purposes like ‘business modelling’ and whether it shares data with third parties like LinkedIn, OpenAI, or adtech firm Xandr.

Microsoft’s claim that its EU entity in Ireland was responsible for the product was rejected. The DSB ruled that key decisions were made in the USA, making Microsoft Corp the main data controller.

The decision has broad implications, with millions of students and public-sector users relying on Microsoft 365. As Max Schrems of noyb warned, schools and other European institutions will remain unable to meet their legal obligations under the GDPR unless Microsoft makes structural changes.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Imperial College unveils plans for new AI campus in west London

Imperial College London has launched a public consultation on plans for a new twelve-storey academic building in White City dedicated to AI and data science.

A proposed development that will bring together computer scientists, mathematicians, and business specialists to advance AI research and innovation.

A building that will include laboratories, research facilities, and public areas such as cafés and exhibition spaces. It forms part of Imperial’s wider White City masterplan, which also includes housing, a hotel, and additional research infrastructure.

The university aims to create what it describes as a hub for collaboration between academia and industry.

Outline planning permission for the site was granted by Hammersmith and Fulham Council in 2019. The consultation is open until 26 October, after which a formal planning application is expected later this year. If approved, construction could begin in mid-2026, with completion scheduled for 2029.

Imperial College, established in 1907 and known for its focus on science, engineering, medicine, and business, sees the new campus as a step towards strengthening the position of the UK in AI research and technology development.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Amazon expands Project Kuiper with new satellite launches

Amazon’s Project Kuiper is moving ahead with its global satellite internet network, adding another 24 satellites to orbit as part of its ongoing deployment plan.

The latest mission, known as KF-03, is scheduled for today, launching on a SpaceX Falcon 9 rocket from Cape Canaveral Space Force Station in Florida.

The KF-03 launch will bring the total number of Kuiper satellites to 153, furthering the plan of Amazon to build a low Earth orbit constellation of more than 3,200 spacecraft.

Once deployed at an altitude of 289 miles, the satellites will undergo health checks before being raised to their operational orbit of 392 miles. The mission marks Amazon’s third collaboration with SpaceX as part of over 80 launches planned for the project.

Earlier missions in 2025 included deployments using both SpaceX Falcon 9 and ULA Atlas V rockets. The first launch in April carried 27 satellites, followed by additional missions in June, July, August and September.

Each operation has strengthened the foundation of Kuiper’s network, which aims to provide reliable internet connectivity to customers and communities worldwide.

Amazon’s Project Kuiper represents a major investment in global connectivity infrastructure, with its Kennedy Space Center facility in Florida supporting multiple launch campaigns simultaneously.

Once complete, the system is expected to compete with other satellite internet networks by expanding digital access across underserved regions.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Beer deliveries falter after Asahi cyber crisis

A ransomware attack by the Qilin group has crippled Asahi Group Holdings, Japan’s leading brewer, halting production across most of its 30 factories. Over 27GB of stolen Asahi data appeared online, forcing manual order processing with handwritten notes and faxes.

The attack has slashed shipments to 10-20% of normal capacity, disrupting supplies of its popular Super Dry beer.

Small businesses, like Tokyo’s Ben Thai restaurant, are left with dwindling stocks, some down to just a few bottles. Retail giants such as 7-Eleven, FamilyMart, and Lawson warn of shortages affecting not only beer but also Asahi’s soft drinks and bottled teas.

Liquor store owners, grappling with limited deliveries, fear disruptions could persist for weeks given Asahi’s 40% market dominance.

Experts point to Japan’s outdated legacy systems and low cybersecurity expertise as key vulnerabilities, making firms like Asahi prime targets. Recent attacks on Japan Airlines and Nagoya’s port highlight a growing trend.

The reliance on high trust in Japanese society further emboldens hackers, who often demand ransoms from unprepared organisations.

The government’s Active Cyber Defense Law aims to strengthen protections by enhancing information sharing and empowering proactive counterattacks. Chief Cabinet Secretary Yoshimasa Hayashi confirmed an ongoing investigation into the Asahi breach.

However, small vendors and customers face ongoing uncertainty, with no clear timeline for full recovery of Japan’s beloved brews.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Tech giants race to remake social media with AI

Tech firms are racing to integrate AI into social media, reshaping online interaction while raising fresh concerns over privacy, misinformation, and copyright. Platforms like OpenAI’s Sora and Meta’s Vibes are at the centre of the push, blending generative AI tools with short-form video features similar to TikTok.

OpenAI’s Sora allows users to create lifelike videos from text prompts, but film studios say copyrighted material is appearing without permission. OpenAI has promised tighter controls and a revenue-sharing model for rights holders, while Meta has introduced invisible watermarks to identify AI content.

Safety concerns are mounting as well. Lawsuits allege that AI chatbots such as Character.AI have contributed to mental health issues among teenagers. OpenAI and Meta have added stronger restrictions for young users, including limits on mature content and tighter communication controls for minors.

Critics question whether users truly want AI-generated content dominating their feeds, describing the influx as overwhelming and confusing. Yet industry analysts say the shift could define the next era of social media, as companies compete to turn AI creativity into engagement and profit.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Unapproved AI tools boom in UK workplaces

Microsoft research reveals 71% of UK employees use unapproved AI tools at work, with 51% doing so weekly, raising concerns about data privacy and cybersecurity risks. Organisations face heightened risks to data privacy and cybersecurity as sensitive information enters unregulated platforms.

Despite these dangers, awareness remains low, as only 32% express concern over data privacy and 29% over IT system vulnerabilities.

Workers favour Shadow AI for its simplicity, with 41% citing familiarity from personal use and 28% noting the absence of approved alternatives at their firms. Common applications include drafting communications (49%), creating reports or presentations (40%), and handling finance tasks (22%).

Generative AI assistants now permeate the workforce, saving an average of 7.75 hours weekly per user- equivalent to 12.1 billion hours annually across the economy, valued at £208 billion.

Sector leaders in IT, telecoms, sales, media, marketing, architecture, engineering, and finance report the highest adoption rates. Employees plan to redirect saved time towards better work-life balance (37%), skill development (31%), and more fulfilling tasks (28%).

Darren Hardman, CEO of Microsoft UK and Ireland, urges businesses to prioritise enterprise-grade tools that blend productivity with robust safeguards.

Optimism about AI has climbed, with 57% of staff feeling excited or confident- up from 34% in January 2025. Familiarity grows too, as confusion over starting points drops from 44% to 36%, and clarity on organisational AI strategies rises from 24% to 43%.

Frontier firms leading in adoption see twice the thriving rates, aligning with global trends where 82% of leaders deem 2025 pivotal for AI.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Study links higher screen time to weaker learning results in children

A study by researchers from Toronto’s Hospital for Sick Children and St. Michael’s Hospital has found a correlation between increased screen time before age eight and lower scores in reading and mathematics.

Published in the Journal of the American Medical Association, the study followed over 3,000 Ontario children from 2008 to 2023, comparing reported screen use with their EQAO standardised test results.

Lead author Dr Catherine Birken said each additional hour of daily screen use was associated with about a 10 per cent lower likelihood of meeting provincial standards in reading and maths.

The research did not distinguish between different types of screen activity and was based on parental reports, meaning it shows association rather than causation.

Experts suggest the findings align with previous research showing that extensive screen exposure can affect focus and reduce time spent on beneficial activities such as face-to-face interaction or outdoor play.

Dr Sachin Maharaj from the University of Ottawa noted that screens may condition children’s attention spans in ways that make sustained learning more difficult.

While some parents, such as Surrey’s Anne Whitmore, impose limits to balance digital exposure and development, Birken stressed that the study was not intended to assign blame.

She said encouraging balanced screen habits should be a shared effort among parents, educators and health professionals, with an emphasis on quality content and co-viewing as recommended by the Canadian Paediatric Society.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google cautions Australia on youth social media ban proposal

The US tech giant, Google (also owner of YouTube), has reiterated its commitment to children’s online safety while cautioning against Australia’s proposed ban on social media use for those under 16.

Speaking before the Senate Environment and Communications References Committee, Google’s Public Policy Senior Manager Rachel Lord said the legislation, though well-intentioned, may be difficult to enforce and could have unintended effects.

Lord highlighted the 23-year presence of Google in Australia, contributing over $53 billion to the economy in 2024, while YouTube’s creative ecosystem added $970 million to GDP and supported more than 16,000 jobs.

She said the company’s investments, including the $1 billion Digital Future Initiative, reflect its long-term commitment to Australia’s digital development and infrastructure.

According to Lord, YouTube already provides age-appropriate products and parental controls designed to help families manage their children’s experiences online.

Requiring children to access YouTube without accounts, she argued, would remove these protections and risk undermining safe access to educational and creative content used widely in classrooms, music, and sport.

She emphasised that YouTube functions primarily as a video streaming platform rather than a social media network, serving as a learning resource for millions of Australian children.

Lord called for legislation that strengthens safety mechanisms instead of restricting access, saying the focus should be on effective safeguards and parental empowerment rather than outright bans.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Netherlands safeguards economic security through Nexperia intervention

The Dutch Minister of Economic Affairs has invoked the Goods Availability Act in response to serious governance issues at semiconductor manufacturer Nexperia.

The measure, announced on 30 September 2025, seeks to ensure the continued availability of the company’s products in the event of an emergency. Nexperia, headquartered in Nijmegen, will be allowed to maintain its normal production activities.

A decision that follows recent indications of significant management deficiencies and actions within Nexperia that could affect the safeguarding of vital technological knowledge and capacity in the Netherlands and across Europe.

Authorities view these capabilities as essential for economic security, as Nexperia supplies chips for the automotive sector and consumer electronics industries.

Under the order, the Minister of Economic Affairs may block or reverse company decisions considered harmful to Nexperia’s long-term stability or to the preservation of Europe’s semiconductor value chain.

The Netherlands government described the use of the Goods Availability Act as exceptional, citing the urgency and scale of the governance concerns.

Officials emphasised that the action applies only to Nexperia and does not target other companies, sectors, or countries. The decision may be contested through the courts.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Fake VPN apps linked to banking malware warn security experts

Security researchers have issued urgent warnings about VPN applications that appear legitimate but secretly distribute banking trojans such as Klopatra and Mobdro.

The apps masquerade as trustworthy privacy tools, but once installed they can steal credentials, exfiltrate data or give attackers backdoor access to devices. Victims may initially notice nothing amiss.

Among the apps flagged, some were available on major app platforms, increasing the risk exposure. Analysts recommend users immediately uninstall any unfamiliar VPN apps, scan devices with a reputable security tool and change banking passwords if suspicious activity is detected.

Developers and platform operators are urged to strengthen vetting of privacy tool submissions. Given that VPNs are inherently powerful (encrypting traffic, accessing network functions), any malicious behaviour can escalate rapidly.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot