Denmark faces backlash over AI welfare surveillance

Concerns are mounting over Denmark’s use of AI in welfare fraud detection, with Amnesty International condemning the system for violating privacy and risking discrimination. Algorithms developed by Udbetaling Danmark (UDK) and ATP flag individuals suspected of benefit fraud, potentially breaching EU laws. Amnesty argues these tools classify citizens unfairly, resembling prohibited social scoring practices.

The AI models process extensive personal data, including residency, citizenship, and sensitive information that may act as proxies for ethnicity or migration status. Critics highlight the disproportionate targeting of marginalised groups, such as migrants and low-income individuals. Amnesty accuses the algorithms of fostering systemic discrimination while exacerbating existing inequalities within Denmark’s social structure.

Experts warn that the system undermines trust, with many recipients reporting stress and depression linked to invasive investigations. Specific algorithms like ‘Really Single’ scrutinise family dynamics and living arrangements, often without clear criteria, leading to arbitrary decisions. Amnesty’s findings suggest these practices compromise human dignity and fail to uphold transparency.

Amnesty is urging Danish authorities to halt the system’s use and the EU to clarify AI regulations. The organisation emphasises the need for oversight and bans on discriminatory data use. Danish authorities dispute Amnesty’s findings but have yet to offer transparency on their algorithmic processes.

EU Human Rights Commissioner focuses on Ukraine and AI

Michael O’Flaherty, the Council of Europe’s new Commissioner for Human Rights, warned that failing to defend Ukraine would be an ‘existential loss’ for Europe. Speaking at the Web Summit in Lisbon, O’Flaherty emphasised the critical need for Europe to stand firm in supporting Ukraine amid growing authoritarianism and human rights abuses. He also highlighted the risks posed by emerging technologies, particularly AI, and stressed the importance of human rights safeguards in tech regulation.

O’Flaherty, in his first year as commissioner, underscored the enormous potential of AI to improve lives but also warned of its dangers, such as discrimination and misuse in warfare. He called for stronger regulations to ensure AI advancements align with human rights commitments. His focus on Ukraine comes at a time when the country’s challenges and human rights violations continue to dominate global discussions, with high-profile figures like Yulia Navalnaya and Olena Zelenska also speaking out on human rights issues at the summit.

As technology continues to evolve rapidly, O’Flaherty stressed the need for better communication between the tech sector and human rights advocates, aiming to create a more unified approach to solving global challenges. He also advocated for holding perpetrators of atrocities, like those in Ukraine, criminally accountable, reinforcing the preventive role of justice.

Amnesty International raises alarm over AI-driven discrimination in Danish welfare system

Amnesty International has raised significant concerns about the Danish welfare authority, Udbetaling Danmark (UDK), and its partner, Arbejdsmarkedets Tillægspension (ATP), using AI tools in fraud detection for social benefits.

The organisation warns that these AI systems may disproportionately discriminate against vulnerable groups, including individuals with disabilities, low-income persons, migrants, refugees, and marginalised racial communities. This is detailed in Amnesty’s report, ‘Coded Injustice: Surveillance and Discrimination in Denmark’s Automated Welfare State,’ which criticises the risk of entrenching social inequalities instead of supporting at-risk populations.

The report condemns what it describes as mass surveillance practices, highlighting the erosion of privacy due to the extensive collection of sensitive data such as residency, citizenship, and family relationships. Amnesty argues that such practices not only compromise individual dignity but also facilitate algorithmic discrimination, particularly through systems like the ‘Really Single’ and ‘Model Abroad’ algorithms. These tools may unfairly target atypical family setups or those with foreign affiliations, further marginalising already vulnerable communities. The psychological impact is severe, with individuals describing the stress of ongoing investigations as living ‘at the end of a gun,’ exacerbating mental distress particularly among people with disabilities.

Why does it matter?

The report points to issues of transparency and accountability, critiquing UDK and ATP for resisting full disclosure of their AI systems and dismissing claims of using a social scoring mechanism without robust justification. It also links these practices to potential violations of international, EU, and Danish commitments to privacy and non-discrimination. Amnesty called for an immediate halt to the use of these algorithms and the prohibition of ‘foreign affiliation’ data in risk assessments, and urged the European Commission to clarify which AI practices are considered social scoring, ensuring that human rights are safeguarded amid technological advancements.

UN cybercrime treaty heads to final vote amid US support

The UN Cybercrime Convention is moving closer to a full vote in the General Assembly following its approval at a recent meeting. Despite significant opposition from the private sector, civil society, and US congressional members, the United States and the United Kingdom defended their support of the treaty.

US officials acknowledged concerns but emphasised that ‘this Convention, by its explicit terms, does not permit Parties to misuse the Convention or any part of it to suppress human rights’ and that ‘the US further call on all states to take necessary steps within their domestic legal systems to ensure the Convention will not be applied in a manner inconsistent with human rights obligations, including those relating to speech, political dissent, and sexual identity’.

Jonathan Shrier, a US representative to the UN, emphasised that the US would hold governments accountable for any misuse of the treaty and encouraged signatories to pass laws safeguarding human rights. He also highlighted mechanisms to monitor and address future abuses under the treaty, urging countries to reject data-sharing requests from those violating its human rights protections.

The UK also issued a statement endorsing the treaty but acknowledged that some member states have already resisted its human rights obligations. In the statement, the UK highlighted that it ‘will not cooperate with any country which does not comply with the safeguards required by this Convention’.

DiploFoundation recently organised an expert discussion with some delegations on the contents of the UN convention, including the human rights provisions.

UN Cybercrime Convention: What does it mean and how will it impact all of us?

After three years of negotiations initiated by Russia in 2017, the UN member states at the Ad Hoc Committee (AHC) adopted the draft of the first globally binding legal instrument on cybercrime. This convention will be presented to the UN General Assembly for formal adoption later this year. The Chair emphasised that the convention represents a criminal justice legal instrument and that the aim is to combat cybercrime by prohibiting certain behaviours by physical persons rather than to regulate the behaviour of member states.

The convention’s adoption has proceeded despite significant opposition from human rights groups, civil society, and technology companies, who had raised concerns about the potential risks of increased surveillance. In July, DiploFoundation invited experts from various stakeholder groups to discuss their expectations before the final round of UN negotiations and to review the draft treaty. Experts noted an unprecedented alignment between industry and civil society on concerns with the draft, emphasising the urgent need for a treaty focused on core cybercrime offences, strengthened by robust safeguards and precise intent requirements.

Once formally adopted, how will the UN Cybercrime Convention (hereafter, the UN Convention) impact the security of users in the cyber environment? What does this legal instrument actually state about cross-border cooperation in combating cybercrime? What human rights protections and safeguards does it provide?

We invited experts representing the participating delegations in these negotiations to provide us with a better understanding of the agreed draft convention and its practical implications for all of us. 

Below, we’re sharing the main takeaways, and if you wish to watch the entire discussion, please follow this link.

Overview of the treaty: What would change once the UN Convention comes into effect?

Irene Grohsmann, Political Affairs Officer, Arms Control, Disarmament and Cybersecurity at the Federal Department of Foreign Affairs FDFA (Switzerland), began by outlining a few things that will change once the convention comes into force. The Convention will be new in the sense that it provides a legal basis for the first time at the UN level for states to request mutual legal assistance from each other and other cooperation measures to fight cybercrime. It will also provide, for the first time, a global legal basis for further harmonisation of criminal legal provisions regarding cybercrime between those future states parties to the convention.

‘The Convention will be new in a sense that it provides a legal basis for the first time at UN level for states to request mutual legal assistance from each other and other cooperation measures to fight cybercrime. It will also provide, for the first time, a global legal basis for further harmonisation of criminal legal provisions, regarding cybercrime, between those future states parties to the convention.’

Irene Grohsmann, Political Affairs Officer, Arms Control, Disarmament and Cybersecurity at the Federal Department of Foreign Affairs FDFA (Switzerland)

At the same time, as Irene mentioned, some things will remain the same, specifically the currently applicable standards (such as data protection and human rights safeguards) for fighting cybercrime in the context of law enforcement or cooperation measures. The new UN Convention does not change those existing standards but rather upholds them.

UN Convention vs. the existing instruments: How would they co-exist?

Irene recalled that the UN Convention largely relies on, and was particularly inspired by, the Budapest Convention, and therefore will not exclude the application of other existing international or regional instruments, nor will it take precedence over them. Rather, it will exist side by side with other relevant legal frameworks. This is explicitly stated in the Convention’s preamble and Article 60. Furthermore, regional conventions are typically more concrete and thus remain highly relevant in combating cybercrime. Irene noted that when states are parties to a regional convention and the UN Convention, they can opt for the regional one if it offers a more specific basis for cooperation. When states have ratified multiple conventions, they use key principles to decide which to apply, such as specificity and favorability.

Andrew Owusu-Agyemang, Deputy Manager at the Cyber Security Authority (Ghana), agreed with Irene, highlighting the Malabo Convention’s specific provisions on data protection, cybersecurity, and national cybersecurity policy. Andrew noted that the Budapest Convention complements Malabo by covering procedural powers and international cooperation gaps, benefiting parties like Ghana, a member of both. The novelty in the UN Cybercrime Convention, however, is the fact that the text introduces the criminalisation of the non-consensual dissemination of intimate images. Together, these instruments are complementary, filling gaps where others need more.

‘All these treaties can coexist because they are complementary in nature and do not polarize each other. However, the novelty in the UN Cybercrime Convention is that it introduces the criminalization of the non-consensual dissemination of intimate images.’

Andrew Owusu-Agyemang, Deputy Manager at the Cyber Security Authority (Ghana)

Cross-border cooperation and access to electronic evidence: What does the UN Convention say about this, including Article 27?

Catalina Vera Toro, Alternate Representative, Permanent Mission of Chile to the OAS, Ministry of Foreign Affairs (Chile), addressed how the UN Cybercrime Convention, particularly Article 27, handles cross-border cooperation for accessing electronic evidence, allowing states to compel individuals to produce data stored domestically or abroad if they have access to it. However, this raises concerns over accessing data across borders without the host country’s consent—a contentious issue in cybercrime. The Convention emphasises state sovereignty and encourages cooperation through mutual legal assistance rather than unilateral actions, advising states to request data access through established frameworks. While Article 27 allows states to order individuals within their borders to provide electronic data, it does not provide for unilateral cross-border data access without the consent of the other state involved.

‘The fact that we have a convention is also a positive note on what diplomacy and multilateralism can achieve. This convention helps bridge gaps between existing agreements and brings in new countries that are not part of those instruments, making it an instrumental tool for addressing cybercrime. That’s another positive aspect to consider.’

Catalina Vera Toro, Alternate Representative, Permanent Mission of Chile to the OAS, Ministry of Foreign Affairs (Chile)

Catalina noted that this approach balances effective law enforcement with respect for sovereignty. Unlike the Budapest Convention, which raised sovereignty concerns, the UN Convention emphasises cooperation to address these fears. While some states worry it may bypass formal processes, the Convention’s focus on mutual assistance aims to respect jurisdictions while enabling cybercrime cooperation.

Briony Daley Whitworth, Assistant Secretary, Cyber Affairs & Critical Technology Branch, Department of Foreign Affairs and Trade (Australia), added a point on the placement of this article in the convention: it pertains to law enforcement powers for investigating cybercrime within a state’s territory, distinct from cross-border data sharing. This article must be considered alongside the jurisdiction chapter, which outlines the treaty’s provisions for investigating cybercrimes, including those linked to the territory of each state party. The sovereignty provisions set limits on enforcement powers, dictating where they apply. The article also includes procedural safeguards for data submission requests, such as judicial review. Importantly, ‘specified electronic data’ must be clarified, covering data on personal devices and data controlled but not possessed by individuals, such as cloud-stored information. Legal entities, not just individuals, may be involved; for example, law enforcement would need to request data from a provider like Google rather than the user. Briony highlighted that this framework in the UN Convention drew heavily from the Budapest Convention and stressed the importance of examining its existing interpretations, used by over 76 countries, to guide how Article 27 might be applied, reinforcing that cross-border data access requires the knowledge of the state involved.

Does the convention clarify how individuals and entities can challenge data requests from law enforcement? Briony emphasised the need for clear conditions and safeguards, noting that the convention requires compliance with international human rights laws and domestic review mechanisms. Individuals can challenge orders through judicial review, and law enforcement must justify warrants with scope, duration, and target limitations. However, Briony cautioned that the treaty’s high-level language relies on countries implementing these safeguards domestically. Catalina added that the convention’s protections work best as an integrated framework, noting that countries with strong checks and balances, like Chile, already offer resources for individual rights protection.

‘Human rights protections were really at the forefront of a lot of the negotiations over the last couple of years. We managed to set a uniquely high bar in the general provisions on human rights protections for a UN convention, particularly a criminal convention. This convention not only affirms that human rights apply but also states that nothing in it can be interpreted to permit the suppression of human rights. Additionally, it includes an article on the protection of personal data during international transfers, which is rare for a UN crime convention. Objectively, this convention offers more numerous and robust safeguards than other UN conventions. One of our priorities was ensuring that this convention does not legitimise bad actions. While we cannot stop bad actors, we can ensure that this convention helps combat their actions without legitimising them, which we have largely achieved through the human rights protections.’

Briony Daley Whitworth, Assistant Secretary, Cyber Affairs & Critical Technology Branch, Department of Foreign Affairs and Trade (Australia)

How does the UN Convention define and protect ‘electronic data’?

Catalina noted that defining ‘electronic data’ was challenging throughout negotiations, with interpretations varying based on a country’s governance, which impacts legal frameworks and human rights protections. The convention defines electronic data broadly, covering all types of data stored in digital services, including personal documents, photos, and notes – regardless of whether that data has been communicated to anyone. Importantly, accessing electronic data generally has a lower threshold than accessing content or traffic data, which have more specific definitions within the convention.

This broader definition enables states to request access to electronic data, even if it contains private information intended to remain confidential. However, Catalina emphasised that domestic legal frameworks and other provisions within the convention are designed to protect human rights and safeguard individual privacy. 

Briony also clarified that ‘electronic data’ specifically refers to stored data, not actively communicated data. States differentiate electronic data from subscriber, traffic, and content data related to network communications. This definition is based on the Budapest Convention’s terminology for computer data, allowing for a wider interpretation of the types of data involved. She also emphasised that the UN Convention establishes a high standard for human rights protections, affirming their applicability and stating that it should not be interpreted to suppress rights. It includes provisions for protecting personal data during international transfers and reinforcing commitment to human rights in electronic data contexts. However, Briony added that the Convention has some flaws, noting that Australia wishes certain elements had been more thoroughly addressed. Nonetheless, the UN convention is a foundational framework for building trust among states to combat cybercrime effectively while balancing human rights commitments.

Technology transfer: What are the main takeaways from the convention to facilitate capacity building?

Andrew highlighted that technical assistance and capacity development are fundamental to effectively implementing this convention. The UN Cybercrime Treaty lays a robust foundation for technical assistance and capacity development, offering practical mechanisms such as MOUs, personnel exchanges, and collaborative events to strengthen countries’ capacities in their fight against cybercrime. The convention’s technical assistance chapter encourages parties to enter multilateral or bilateral agreements to implement relevant provisions. These MOUs, in particular, can facilitate the development of the capacities of law enforcement agencies, judges, and prosecutors, ensuring that cybercrime is prosecuted effectively.

Implementation and additional protocols: Which mechanisms does the draft convention include for keeping up to date with the pace of technological developments?

Irene clarified that, although the UN Convention has been adopted at the AHC, some topics need further discussion among member states. Due to time constraints, these discussions were postponed, including which crimes should be included in the criminalisation chapter. Some states, like Switzerland, prefer a focused list of cyber-dependent crimes, while others advocate for a broader inclusion of both cyber-dependent and cyber-enabled crimes. Irene noted that resource considerations influence Switzerland’s perspective, emphasising the need to focus on ratification and implementation rather than dividing resources with a supplementary protocol. While a supplementary protocol will need discussion in the future, there is still time to determine its content or negotiation topics.

Irene emphasised that the convention uses technology-neutral language to keep the text up-to-date with technological developments, allowing it to focus on behaviour rather than specific technologies, similar to the successful Budapest Convention. Adopted in 2001, the Budapest Convention has remained relevant for over two decades, and we hope for the same with the UN Convention. Additionally, the convention allows for future amendments; once in force and the Conference of States Parties is established, member states can address any coverage inadequacies and consider amendments five years after implementation.

Ambassador Asoke Mukerji, India’s former ambassador to the United Nations in New York, who chaired India’s national multiple-stakeholder group on recommending cyber norms for India in 2018, noted that, despite initial scepticism about the feasibility of such a framework, the current momentum demonstrates that, with trust and commitment, it is possible to establish international agreements addressing cybercrime. He also praised the effectiveness of multistakeholder participation in addressing the evolving challenges in cyberspace. However, Ambassador Mukerji cautioned about challenges regarding technology transfer, referring to recent statements at the UN General Assembly that could restrict such efforts. He expressed hope that developing countries would receive the necessary flexibility to negotiate favourable terms.

‘The negotiations took place against a very difficult global environment, and our participation from India proved to be useful. It demonstrated that countries, committed to a functional multilateral system, can benefit from it, impacting our objectives of international cooperation. Additionally, the process highlighted the effectiveness of multistakeholder participation in cyberspace. The convention and its negotiation process validate our choice to use this model to address the new challenges facing multilateralism.’

Ambassador Asoke Mukerji, India’s former ambassador to the United Nations in New York

Concluding remarks

The panellists unanimously highlighted the indispensable role of human rights standards, emphasising that any practical international cooperation against cybercrime must prioritise these principles. Briony also pointed out that the increasingly complex cyber threat landscape demands a collective response to enhance cybersecurity resilience and capabilities. The treaty’s significant achievements, including protections against child exploitation and the non-consensual dissemination of intimate images, reflect a commitment to safeguarding both victims’ and offenders’ rights. Catalina highlighted that certain types of crimes, such as gender-based violence, were also included in the text, and this is another significant achievement.

All experts also agreed that the active involvement of civil society, NGOs, and the private sector is vital for ensuring that diverse expertise contributes meaningfully to the ratification and implementation processes. Public-private partnerships were specifically mentioned as essential for fostering collaboration in cybercrime prevention. Ultimately, the success of the Convention lies not only in its provisions but also in the collaborative spirit that must underpin its implementation. By working together, stakeholders can create a safer and more secure cyberspace for all.

We at Diplo invite you all to re-watch the online expert discussion and engage in a broader conversation about the impacts of this negotiation process. In the meantime, stay tuned! We’ll further provide updates and analysis on the UN cybercrime convention and relevant processes.

UK investigates Google’s partnership with AI firm Anthropic

Britain’s Competition and Markets Authority (CMA) is investigating the partnership between Alphabet, Google’s parent company, and AI startup Anthropic due to concerns about competition. Regulators have grown increasingly cautious about agreements between major tech firms and smaller startups, especially after Microsoft-backed OpenAI sparked an AI boom with ChatGPT’s launch.

Anthropic, founded by former OpenAI executives Dario and Daniela Amodei, received a $500 million investment from Alphabet last year, with another $1.5 billion promised. The AI startup also relies on Google Cloud services to support its operations, raising concerns over the competitive impact of their collaboration.

The CMA began assessing the partnership in July and has set 19 December as the deadline for its Phase 1 decision. The regulator will determine whether the investigation should proceed to the next stage. Anthropic has pledged full cooperation, insisting that its strategic alliances do not compromise its independence or partnerships with other firms.

Alphabet has emphasised its commitment to fostering an open AI ecosystem. A spokesperson clarified that Anthropic is not restricted to using only Google Cloud services and is free to explore partnerships with multiple providers.

US FCC mandates hearing aid compatibility for mobile phones

The Federal Communications Commission (FCC) has enacted new regulations requiring all mobile phones sold in the US to be compatible with hearing aids, significantly enhancing accessibility for individuals with hearing loss. Specifically, these rules mandate that manufacturers adopt standard Bluetooth coupling for universal connectivity, thereby eliminating proprietary standards.

In addition, mobile handsets must meet specific volume benchmarks to ensure that sound quality is maintained when the volume is increased. Furthermore, to inform consumers, handset manufacturers must clearly label their devices to indicate compliance with these new hearing aid compatibility standards.

Notably, these changes stem from years of study and advocacy by the Hearing Aid Compatibility (HAC) Task Force, which provided recommendations to the FCC. As a result, the FCC’s regulations aim to provide greater choice and improved functionality for the 48 million Americans with hearing loss, ensuring they can access a wider range of mobile technologies and features.

AI stress hits workers worldwide

A survey conducted by Wiley reveals that 96% of workers in the US feel stressed about adapting to AI at work. Many employees are grappling with how to integrate the rapidly evolving technology into their daily tasks, with 40% struggling to do so and 75% lacking confidence in their AI skills.

Managers also face challenges in leading AI transitions. Only 34% of people managers feel ready to support their teams effectively, exposing a knowledge gap that could hinder AI adoption. Meanwhile, 80% of employees believe their managers are supportive, though just 60% think their managers possess the expertise to guide them through the process.

Clearer strategies and structured training could ease the pressure. About 61% of employees say training on AI tools would help, while 54% believe a defined organisational strategy would make adoption smoother. Furthermore, 48% suggest that setting clearer expectations around AI use would boost their confidence.

Wiley’s report recommends three strategies for improving AI integration. Organisations are encouraged to define specific AI use cases, improve communication with employees, and provide targeted training for managers to lead their teams through the transition more effectively. Tracey Carney, the lead researcher, stresses the importance of equipping both employees and managers to handle the evolving demands of AI.

US adopts ‘click to cancel’ rule for easier subscription management

The United States Federal Trade Commission (FTC) has introduced a new ‘click to cancel’ rule, designed to simplify the process of ending subscriptions. The rule mandates that businesses must make it just as easy for consumers to cancel a subscription as it is to sign up for one, and requires customer consent before renewing subscriptions or converting free trials into paid services.

Under the new regulations, businesses will no longer be allowed to force customers to navigate chatbots or agents to cancel subscriptions initiated via an app or website. The rule will take effect in about six months and aims to save consumers time and money by eliminating unnecessary hurdles. For subscriptions made in person, companies must provide an option to cancel by phone or online.

The FTC has previously sued Amazon and Adobe for making it difficult for consumers to cancel subscriptions. Amazon was accused of using misleading website designs to push people into automatic Prime renewals, while Adobe allegedly imposed hidden fees and unclear cancellation terms. Both companies have rejected the claims.

Similar measures have also been adopted in the United Kingdom. The Digital Markets, Competition and Consumers Act 2024 ensures that businesses must give clear information to customers before they enter into subscription agreements, and make it easier for them to cancel or end contracts.

Meta’s oversight board investigates anti-immigration posts on Facebook

Meta’s Oversight Board has initiated a detailed investigation into how the company handles anti-immigration content on Facebook, following numerous user complaints. Helle Thorning-Schmidt, co-chair of the board and former Danish prime minister, underscored the crucial task of balancing free speech with the need to protect vulnerable groups from hate speech.

The investigation particularly focuses on two contentious posts. The first is a meme from a page linked to Poland’s far-right Confederation party, featuring former prime minister Donald Tusk in a racially charged image that alludes to the EU’s immigration pact. The image utilises language perceived as a racial slur in Poland, raising ethical concerns about its impact. The second case involves an AI-generated image posted on a German Facebook page opposing leftist and green parties. It portrays a woman with Aryan features in a stop gesture with accompanying text condemning immigrants as ‘gang-rape specialists,’ a narrative linked to perceived outcomes of the Green Party’s immigration policies. This portrayal not only uses inflammatory rhetoric but also touches on deeply sensitive cultural issues within Germany.

Thorning-Schmidt highlighted the importance of examining Meta’s current approach to managing ‘coded speech’—subtle language or imagery that carries derogatory implications while avoiding direct violations of community standards.

The board’s investigation will assess whether Meta’s policies on hate speech are robust enough to protect individuals and communities at risk of discrimination, while still allowing for critical discourse on immigration matters. Meta’s policy is designed to protect refugees, migrants, immigrants, and asylum seekers from severe attacks while allowing critique of immigration laws.

Why does it matter?

The outcome of this investigation could prompt significant changes in how Meta moderates content on sensitive topics like immigration, striking a balance between curbing hate speech and preserving freedom of expression. Moreover, the fact that Meta’s Oversight Board is tackling politically sensitive posts shows the broader challenges social media platforms face in moderating content that walks the fine line between free expression and inciting division. It highlights the ongoing debate on the role of these platforms in managing nuanced or politically sensitive content, potentially setting a precedent.