Consumer protection

South Korea retailer admits worst-ever data leak

Coupang disclosed a major data breach on 30 November 2025 that exposed 33.7 million customer accounts. The leaked data includes names, email addresses, phone numbers, shipping addresses and some order history but excludes payment or login credentials.

The company said it first detected unauthorised access on 18 November. Subsequent investigations revealed that attacks likely began on 24 June through overseas servers and may involve a former employee’s still-active authentication key.

South Korean authorities launched an emergency probe to determine if Coupang violated data-protection laws. The government warned customers to stay alert to phishing and fraud attempts using the leaked information.

Cybersecurity experts say the breach may be one of the worst personal-data leaks in Korean history. Critics claim the incident underlines deep structural weaknesses in corporate cybersecurity practices.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Fraud and scam cases push FIDReC workloads to new highs

FIDReC recorded 4,355 claims in FY2024/2025, marking its highest volume in twenty years and a sharp rise from the previous year. Scam activity and broader dispute growth across financial institutions contributed to the increase. Greater public awareness of the centre’s role also drove more filings.

Fraud and scam disputes climbed to 1,285 cases, up more than 50% and accounting for nearly half of all claims. FIDReC accepted 2,646 claims for handling, with early resolution procedures reducing formal caseload growth. The phased approach encourages direct negotiation between consumers and providers.

Chief Executive Eunice Chua said rising claim volumes reflect fast-evolving financial risks and increasingly complex products. National indicators show similar pressures, with Singapore ranked second globally for payment card scams. Insurance fraud reports also continued to grow during the year.

Compromised credentials accounted for most scam-related cases, often involving unauthorised withdrawals or card charges. Consumers reported incidents without knowing how their details were obtained. The share of such complaints rose markedly compared with the previous year.

Banks added safeguards on large digital withdrawals as part of wider anti-scam measures. Regulators introduced cooling-off periods, stronger information sharing and closer monitoring of suspicious activity. Authorities say the goal is to limit exposure to scams and reinforce public confidence.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK to require crypto traders to report details from 2026

The UK government has confirmed that cryptocurrency traders will be required to report personal details to trading platforms from 1 January 2026. The move forms part of the Cryptoasset Reporting Framework (CAFR), aligned with an OECD agreement, and aims to improve compliance with existing tax rules.

Under the framework, exchanges must provide HM Revenue & Customs (HMRC) with customer information, including cryptocurrency transactions and tax reference numbers.

Traders who fail to supply required details could face fines of up to £300, while platforms may be fined the same amount per unreported customer. HMRC expects to raise up to £315 million by 2030 from the new reporting rules.

Experts warn exchanges may face challenges collecting accurate information, potentially passing compliance costs onto users. Some investors may initially turn to noncompliant platforms, but international standards are expected to drive global alignment over time.

The 2025 Budget also addressed the taxation of DeFi activities such as lending and staking. HMRC appears to favour taxing gains only when they are realised, although no final decision has been made and consultations with stakeholders will continue.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Vanity Fair publisher penalised for cookie breaches

France’s data regulator fined Les Publications Condé Nast €750,000 for unlawful cookie practices on vanityfair.fr. Investigators found consent-based cookies loading immediately when visitors landed on the site.

CNIL officials also noted unclear information describing several trackers as strictly necessary without explaining their true purposes. Users faced further issues when refusal tools failed to block or halt consent-based cookies.

Repeated non-compliance weighed heavily, as the company had already received a formal order in 2021. Earlier proceedings had been closed after corrective steps, yet later inspections showed renewed breaches.

The French regulator stated that millions of visitors were potentially affected by the unlawful tracking activity. The case highlights continuing enforcement efforts under Article 82 of France’s Data Protection Act.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Concerns grow over WhatsApp rules as Italy probes Meta AI practices

Italy’s competition authority has launched an investigation into Meta over potential dominance in AI chatbots. Regulators are reviewing the new WhatsApp Business terms and upcoming Meta AI features. They say the changes could restrict rivals’ access to the platform.

Officials in Italy warn that the revised conditions may limit innovation and reduce consumer choice in emerging AI services. The concerns fall under Article 102 TFEU. The authority states that early action may be necessary to prevent distortions.

The case expands an existing Italian investigation into Meta and its regional subsidiaries. Regulators say technical integration of Meta AI could strengthen exclusionary effects. They argue that WhatsApp’s scale gives Meta significant structural advantages.

Low switching rates among users may entrench Meta’s market position further in Italy and beyond. Officials say rival chatbot providers would struggle to compete if access is constrained. They warn that competition could be permanently harmed.

Meta has announced significant new AI investments in the United States. Italian regulators say this reflects the sector’s growing influence. They argue that strong oversight is needed to ensure fair access to key platforms.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Utah governor urges state control over AI rules

Utah’s governor, Spencer Cox, has again argued that states should retain authority over AI policy, warning that centralised national rules might fail to reflect local needs. He said state governments remain closer to communities and, therefore, better placed to respond quickly to emerging risks.

Cox explained that innovation often moves faster than federal intervention, and excessive national control could stifle responsible development. He also emphasised that different states face varied challenges, suggesting that tailored AI rules may be more effective in balancing safety and opportunity.

Debate across the US has intensified as lawmakers confront rapid advances in AI tools, with several states drafting their own frameworks. Cox suggested a cooperative model, where states lead, and federal agencies play a supporting role without overriding regional safeguards.

Analysts say the governor’s comments highlight a growing split between national uniformity and local autonomy in technology governance. Supporters argue that adaptable state systems foster trust, while critics warn that a patchwork approach could complicate compliance for developers.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Huawei and ZTE expand 5G foothold in Vietnam amid US concern

Vietnam has moved to expand its use of Chinese 5G technology, awarding Huawei and ZTE a series of new contracts. Under recent deals, the two companies will supply advanced 5G radio equipment to strengthen network coverage, while European vendors remain responsible for core systems.

Vietnam, which borders China, Laos, and Cambodia, previously echoed allies’ warnings that Chinese-made 5G gear posed an unacceptable security risk. Recent tariff frictions with the United States and shifting economic priorities have since pushed officials to reconsider that stance.

According to local reports, Huawei and ZTE have together secured contracts worth about 43 million dollars for non-core 5G equipment. Ericsson and Nokia are expected to continue supplying the 5G core, with Chinese vendors focused on antennas and related infrastructure at the network edge.

In April, a consortium including Huawei won a 23 million dollar deal to provide 5G gear, shortly after new US tariffs on Vietnamese exports came into force. Analysts say those measures have strained ties between Hanoi and Washington while nudging Vietnam to deepen economic and technological links with Beijing.

Vietnamese supply chain specialist Nguyen Hung says Hanoi is prioritising its own strategic interests, seeing closer ties with Chinese vendors as a route to deeper regional integration. US officials warn the deals could damage network trust and limit access to advanced American technology.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Crypto mining to become legal under Turkmenistan’s new law

Turkmenistan has adopted its first comprehensive law regulating virtual assets, officially legalising cryptocurrency mining and allowing the operation of crypto exchanges, effective January 1, 2026. Signed by President Serdar Berdimuhamedov, the legislation lays out the framework for creating, issuing, storing and trading digital assets, while clearly distinguishing them from legal tender or securities.

Cryptocurrencies will be recognised as objects of civil rights, but cannot be used as a means of payment within the country.

Under the new rules, mining will be allowed for companies and individual entrepreneurs who complete mandatory electronic registration with the Central Bank. Covert mining, which involves using someone else’s computing power without their consent, is strictly prohibited.

Crypto exchanges and related trading platforms must also register with the regulator, with the state disclaiming any responsibility for these entities’ financial obligations.

The law introduces strict requirements for user identification, banning anonymous wallets and transactions to align with anti-money laundering standards. Advertising of cryptocurrencies will be tightly controlled.

Promotional materials must include risk warnings, highlight the possibility of losing all invested funds, and avoid portraying digital assets as an easy path to wealth. Ads cannot use luxury imagery, bonuses, or involve minors.

Additionally, crypto companies are prohibited from using terms associated with national symbols, such as ‘Turkmenistan’ or ‘state,’ in their branding.

Turkmenistan’s move aligns with a broader trend in Central Asia, where countries like Uzbekistan and Kazakhstan have established licensing regimes, mining regulations and even national crypto reserves. The regional push suggests growing interest in formalising digital asset markets while maintaining strict state oversight.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU moves forward on new online child protection rules

EU member states reached a common position on a regulation intended to reduce online child sexual abuse.

The proposal introduces obligations for digital service providers to prevent the spread of harmful content and to respond when national authorities require the removal, blocking or delisting of material.

A framework that requires providers to assess how their services could be misused and to adopt measures that lower the risk.

Authorities will classify services into three categories based on objective criteria, allowing targeted obligations for higher-risk environments. Victims will be able to request assistance when seeking the removal or disabling of material that concerns them.

The regulation establishes an EU Centre on Child Sexual Abuse, which will support national authorities, process reports from companies and maintain a database of indicators. The Centre will also work with Europol to ensure that relevant information reaches law enforcement bodies in member states.

The Council position makes permanent the voluntary activities already carried out by companies, including scanning and reporting, which were previously supported by a temporary exemption.

Formal negotiations with the European Parliament can now begin with the aim of adopting the final regulation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU faces new battles over digital rights

EU policy debates intensified after Denmark abandoned plans for mandatory mass scanning in the draft Child Sexual Abuse Regulation. Advocates welcomed the shift yet warned that new age checks and potential app bans still threaten privacy.

France and the UK advanced consultations on good practice guidelines for cyber intrusion firms, seeking more explicit rules for industry responsibility. Civil society groups also marked two years of the Digital Services Act by reflecting on enforcement experience and future challenges.

Campaigners highlighted rising concerns about tech-facilitated gender violence during the 16 Days initiative. The Centre for Democracy and Technology launched fresh resources stressing encryption protection, effective remedies and more decisive action against gendered misinformation.

CDT Europe also criticised the Commission’s digital omnibus package for weakening safeguards under laws, including the AI Act. The group urged firm enforcement of existing frameworks while exploring better redress options for AI-related harms in the EU legislation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot