Cybersecurity

Snap, YouTube, TikTok and Meta settle Kentucky school district lawsuit

At mid-May, Snap, YouTube and TikTok have reached a settlement in a lawsuit brought by the Breathitt County School District in Kentucky. The school district alleged that social media platforms contributed to learning disruption, mental health concerns, and additional financial pressures on schools.

Terms of the settlement have not been disclosed. Meta remained a defendant in the same litigation and was scheduled to proceed to trial on June 15th. However, on May 21st, the company also reached a settlement. The case is one of a broader series of lawsuits involving social media platforms and alleged harms affecting minors and schools.

This follows earlier related cases settled by Snap and TikTok. The companies have faced multiple lawsuits related to alleged harms associated with social media use. In a separate case, a jury awarded damages to a plaintiff in litigation involving Google and Meta. Meta has also recently been ordered to pay $375 million in a separate case brought by New Mexico’s attorney general.

Beyond seeking monetary awards of $60 millions, plaintiffs and state authorities have also called for changes to platform design and online safety measures affecting minors. Additional lawsuits involving social media platforms and youth safety issues remain ongoing in US courts.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Singapore and Google strengthen collaboration on AI innovation and digital governance

Google and Singapore’s Ministry of Digital Development and Information have announced an expanded National AI Partnership designed to accelerate the deployment of frontier AI technologies across the country’s economy and public sector.

The initiative builds on earlier collaboration between Google and Singapore’s digital authorities and aims to support healthcare innovation, scientific research, workforce development, enterprise transformation, and AI governance. Officials said the partnership aligns with Singapore’s National AI Strategy and broader ambitions to position the country as a global AI hub.

A major focus of the collaboration involves healthcare and life sciences. Google DeepMind is exploring AI co-clinician systems with Singapore’s public healthcare sector, examining how AI agents could support doctors and patients throughout medical treatment and decision-making processes.

Google DeepMind will also collaborate with the National Research Foundation to train researchers on agentic AI systems designed to accelerate scientific discovery. Additional partnerships with the Agency for Science, Technology and Research will focus on AI-enabled research and secure cloud-based scientific analysis tools.

The agreement also expands AI deployment in education. Google and Singapore’s Ministry of Education plan to strengthen educator training programmes and integrate AI-powered teaching support tools across schools. Officials said the partnership aims to improve digital learning capabilities while supporting broader AI workforce readiness initiatives.

Singapore and Google additionally announced plans to collaborate on AI safety, governance, and cybersecurity frameworks. A joint initiative involving Cyber Security Agency of Singapore and other agencies is examining how AI agents interact with real-world digital systems and how governance rules should evolve around autonomous AI technologies.

Officials described the partnership as part of a wider effort to deploy frontier AI responsibly while supporting economic growth, public services, and digital transformation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

CNIL reports record complaints and data breaches

The French data protection authority CNIL reported a record year in 2025 for complaints, fines and data breach notifications, while preparing for new responsibilities under the EU AI Act.

CNIL received 20,150 complaints in 2025, up 10% from 2024. The complaints covered issues linked to work, commerce, real estate, social networks and data breaches, with around 1,900 complaints directly concerning breaches.

The authority also received 6,167 data breach notifications, an increase of 9.5% from 2024. Hacking accounted for one in two reported incidents, while cybersecurity failures represented one-third of investigations and nearly 30% of sanctions.

In total, CNIL carried out 323 investigations and issued 259 corrective measures, including 83 sanctions worth nearly €487 million. Two major sanctions accounted for a large share of the total, while the simplified procedure introduced in 2022 allowed faster action in less complex cases.

Cybersecurity will become an even bigger enforcement focus in 2026, with CNIL planning to devote 50% of its controls and enforcement actions to data security. Checks will focus on organisations affected by breaches, those subject to complaints and sectors processing large volumes of sensitive or highly personal data.

The report also highlights CNIL’s role in supporting professionals and public authorities. In 2025, it processed 539 health authorisation applications, handled 1,351 professional advice requests, delivered 90 opinions on draft laws or regulatory texts and launched seven public consultations.

On AI, CNIL is already designated to monitor prohibited uses under the EU AI Act and is expected to become the market surveillance authority for certain high-risk AI systems, including in biometrics, migration, law enforcement, employment and education.

The authority also published AI resources for designers and developers, developed a traceability tool for open-source AI models and joined the PANAME project with ANSSI, Inria and PEReN to test whether AI models process personal data.

Why does it matter?

CNIL’s annual report shows how data protection enforcement is increasingly shaped by cybersecurity and AI. Record breach notifications and complaints point to growing pressure on organisations to secure personal data, while CNIL’s future AI Act responsibilities place the authority at the centre of France’s oversight of prohibited and high-risk AI systems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU publishes draft guidance on high-risk AI classification under AI Act

The European Commission has opened a public feedback period on draft guidance related to high-risk AI systems under the EU AI Act.

The draft guidance is intended to help providers and deployers determine whether AI systems fall within the Act’s high-risk category. The document includes examples illustrating how classification criteria may apply in different situations.

Under the AI Act, high-risk classification applies to specified AI use cases that may affect health, safety, or fundamental rights. According to the Commission, the guidance is intended to support consistent interpretation of the rules before compliance obligations take effect.

The document has been made available through the AI Act Single Information Platform. Stakeholders, including businesses, public authorities, researchers, civil society organisations, and citizens, may submit comments until 23 June 2026. The Commission said additional guidance related to high-risk AI obligations is expected at a later stage.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

eSafety Commissioner and Sport Integrity Australia focus on online harms in sport

Australia’s eSafety Commissioner and Sport Integrity Australia have launched a joint initiative focused on online safety in sport.

The Online Safety in Sport Summit brought together representatives from sporting organisations, government agencies, researchers, law enforcement, and technology companies. The discussions focused on cyberbullying, online harassment, and harmful digital behaviour affecting athletes and sporting communities.

During the summit, Australia’s eSafety Commissioner Julie Inman Grant said harmful behaviour linked to sport increasingly occurs across social media, messaging applications, and online communities.

Research presented during the summit, titled ‘The Digital Sideline’, found that nearly one in five children participating in organised sport reported experiencing cyberbullying related to sporting activities.

Officials in Australia said that many reported online harms involved peers, including teammates and competitors, and occurred through private messages and group chats.

Participants highlighted the importance of prevention measures, early intervention, and cooperation between sporting organisations, regulators, and technology companies.

Why does it matter?

Online abuse within sport is becoming an increasingly significant policy and governance issue as digital platforms reshape athlete visibility, fan interaction, and youth participation. Cyberbullying, online harassment, and hate speech can affect mental health, athlete safety, participation rates, and broader social cohesion.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

FTC begins TAKE IT DOWN Act enforcement

The US Federal Trade Commission has begun enforcing the TAKE IT DOWN Act, requiring covered platforms to remove non-consensual intimate images and known identical copies within 48 hours of a valid request.

The FTC enforces Section 3 of the law, which sets a 19 May 2026 deadline for covered platforms to create a process allowing victims and survivors to request the removal of intimate photos or videos shared online without their consent.

As part of its enforcement role, the agency has launched TakeItDown.ftc.gov, a website where victims and survivors can submit complaints about platforms that fail to act on valid removal requests or have not created a removal process.

FTC Chairman Andrew N. Ferguson said the law gives families recourse against digital exploitation and extortion, particularly where children are affected. He added that ‘in the age of AI, anyone can be targeted’, making protections against abuse especially urgent.

The FTC has also published guidance for consumers whose non-consensual intimate images are posted online and separate guidance for businesses on complying with the law.

Ahead of the enforcement deadline, Ferguson sent letters to major platforms, including Alphabet, Amazon, Apple, Automattic, Bumble, Discord, Match Group, Meta, Microsoft, Pinterest, Reddit, SmugMug, Snapchat, TikTok and X, reminding them of their obligations under the TAKE IT DOWN Act.

Why does it matter?

The law gives victims of non-consensual intimate image abuse a faster route to removal and gives the FTC a direct enforcement role when platforms fail to comply. Its importance has grown with the spread of AI-generated sexual abuse material and deepfake tools, which can make intimate image abuse easier to create, copy and distribute at scale.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Hong Kong checks AI privacy compliance across sectors

Hong Kong’s Office of the Privacy Commissioner for Personal Data has completed compliance checks on 60 organisations to assess how AI use affects personal data privacy.

The checks, launched in January 2026, covered sectors including banking and finance, education, government departments, insurance, medical services, telecommunications, transport, accounting, food and beverage, logistics, property management, and innovation and technology. The PCPD found no contravention of the Personal Data (Privacy) Ordinance during the exercise.

Among the organisations reviewed, 57 (95%) used AI in day-to-day operations, an increase of 15 percentage points from the previous round of checks. Around 79% of those organisations had used AI for more than a year, while 51% used three or more AI systems.

AI systems were mainly used for administrative support, customer service, research and development, marketing, compliance and risk management, human resources, corporate communications, cybersecurity and data analysis.

Of the 57 organisations using AI, 24 collected or used personal data through AI systems. All provided Personal Information Collection Statements before or during data collection and implemented security measures such as access controls, encryption, penetration testing and anonymisation.

The PCPD found that 23 of those 24 organisations tested AI systems before implementation, while 19 conducted privacy impact assessments. Nineteen adopted a human-in-the-loop approach, and five used a human-in-command model for oversight.

The checks also found that 19 organisations had established AI governance structures, while 17 had internal policies or guidelines for employees’ use of generative AI at work. Twenty organisations provided AI-related training, with most including content on privacy risks.

Also, the PCPD recommended that organisations using AI comply with the Personal Data (Privacy) Ordinance, establish internal governance structures, provide staff training, adopt incident response plans, conduct risk and privacy impact assessments, and regularly audit AI systems. It also urged organisations to use agentic AI prudently by limiting access rights, assessing data sensitivity and maintaining system and data security.

Why does it matter?

The checks show that AI is becoming embedded in business and public-sector operations in Hong Kong, including in areas involving personal data. The PCPD’s findings suggest that many organisations are beginning to adopt safeguards such as impact assessments, human oversight and AI governance structures, while its warnings on agentic AI point to growing concern over systems that can act with greater autonomy and access sensitive data.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Myanmar proposes Anti-Online Fraud Bill targeting digital currency scams

Myanmar’s military-backed authorities have proposed a new Anti-Online Fraud Bill to tackle digital currency scams and online fraud networks operating in the country.

The draft legislation would introduce severe penalties for offences linked to online fraud and ‘digital currency fraud’. Reports citing the text say those convicted could face prison sentences ranging from 10 years to life imprisonment.

The bill also proposes the death penalty in the most serious cases involving online scam centres, particularly where people are unlawfully detained, violently coerced or forced into scam operations. AFP, cited by Malay Mail, reported that the proposed penalty would apply to those who detain or violently coerce victims into working in online scam centres.

The proposal reflects growing pressure on Myanmar over large scam compounds where trafficked people have reportedly been forced into online fraud schemes, including romance and cryptocurrency scams. International scrutiny has intensified as cyber-fraud networks across Southeast Asia continue to target victims globally.

Myanmar’s authorities have presented online fraud and online gambling as national security concerns. State media has previously reported crackdowns, deportations and plans for a national anti-scam centre, while also describing telecom fraud and online gambling as threats requiring stronger enforcement.

The bill comes amid wider regional action against transnational scam networks. China has pursued criminal cases linked to Myanmar-based fraud syndicates, while international organisations and law enforcement agencies have warned that online scam compounds combine cybercrime, financial fraud and human trafficking.

Why does it matter?

The proposed bill shows how governments are escalating responses to transnational online fraud networks, particularly where crypto scams overlap with human trafficking and forced labour in scam compounds. Myanmar’s approach would mark a shift towards extreme punitive measures, raising both enforcement and human rights concerns, while highlighting how digital fraud has become a cross-border security issue involving organised crime, financial losses and exploitation of vulnerable people.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

DIGITALEUROPE urges stronger EU-US digital cooperation

DIGITALEUROPE has called for the rapid implementation of the EU-US trade deal and the launch of a broader transatlantic digital dialogue. The organisation said commitments under the Turnberry Agreement should be implemented to provide greater predictability for businesses.

DIGITALEUROPE said progress on implementing legislation is important for timely adoption of the agreement. The organisation also highlighted the importance of cooperation on digital resilience and competitiveness between the EU and the United States.

According to DIGITALEUROPE, the proposed EU-US Digital Dialogue could address areas including critical technologies, cybersecurity, secure connectivity, and energy technologies. The organisation said industry participation would support cooperation and transatlantic coordination.

DIGITALEUROPE also called for progress on a Cyber Mutual Recognition Agreement between the EU and the US. The statement reflects ongoing efforts to reinforce digital collaboration between Europe and the US.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Financial institutions increase cyber defences following AI security findings

Banking institutions across the United States, Europe, and Japan are strengthening cybersecurity measures following the identification of new vulnerabilities through AI-assisted security analysis tools. The findings have increased discussion around how AI may affect cyber risks across financial infrastructure.

Security teams are reviewing legacy system vulnerabilities and accelerating remediation efforts, according to sector reports. Smaller institutions are relying on intelligence shared by larger banks, while regulators warn that inaction increases exposure to coordinated cyberattacks.

International financial organisations, including the International Monetary Fund, have highlighted potential risks linked to evolving AI-enabled cyber threats.

Recent incidents involving platform breaches, supply-chain compromises, and AI-related exploit techniques have contributed to broader cybersecurity concerns across sectors.

Cybersecurity specialists said defence strategies increasingly rely on coordinated intelligence-sharing and AI-supported security systems.

Why does it matter?

AI is accelerating both the discovery of system weaknesses and the sophistication of cyberattacks, increasing systemic risk across interconnected financial infrastructure. As banking becomes more digitally dependent, cybersecurity shifts into a core stability concern for global financial governance and market resilience.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Diplo chatbot can make mistakes. Consider checking important information.