Privacy and data protection

EU examines Amazon and Microsoft influence in cloud services

European regulators have launched three market investigations into cloud computing amid growing concerns about sector concentration.

The European Commission will assess whether Amazon Web Services and Microsoft Azure should be designated as gatekeepers for their cloud services under the Digital Markets Act, despite not meeting the formal threshold criteria.

Officials argue that cloud infrastructure now underpins AI development and many digital services, so competition must remain open and fair.

A move that signals a broader shift in EU oversight of strategic technologies. Rather than focusing solely on size, investigators will examine whether the two providers act as unavoidable gateways between businesses and users.

They will analyse network effects, switching costs and the role of corporate structures that might deepen market dominance. If the inquiries confirm gatekeeper status, both companies will face the DMA’s full obligations and a six-month compliance period.

A parallel investigation will explore whether existing DMA rules adequately address cloud-specific risks that might limit competition. Regulators aim to clarify whether obstacles to interoperability, restricted access to data, tying of services and imbalanced contractual terms require updated obligations.

Insights gathered from industry, public bodies and civil society will feed into a final report within 18 months, potentially leading to changes via a delegated act.

EU officials underline that Europe’s competitiveness, technological resilience and future AI capacity rely on a fair cloud environment. They argue that a transparent and contestable market will strengthen Europe’s strategic autonomy and encourage innovation.

The inquiries will shape how digital platforms are regulated as cloud services become increasingly central to economic and social life.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI search tools put to the test in UK study

AI tools are shaping online searches, but testing reveals notable risks in relying on them. ChatGPT, Google Gemini, Microsoft Copilot, Meta AI, and Perplexity were tested on 40 questions in finance, law, health, and consumer rights.

Results show errors, incomplete advice, and ethical oversights remain widespread despite AI’s popularity.

More than half of UK adults now use AI for online searches, with frequent users showing higher trust in the responses. Around one in ten regularly seeks legal advice from AI, while others use it for financial or medical guidance.

Experts warn that overconfidence in AI recommendations could lead to costly mistakes, particularly when rules differ across regions in the UK.

Perplexity outperformed other tools in accuracy and reliability, while ChatGPT ranked near the bottom. Google’s AI overview (AIO) often delivers better results for legal and health queries, while its Gemini chatbot scores higher on finance and consumer questions.

Users are encouraged to verify sources, as many AI outputs cite vague or outdated references and occasionally promote questionable services.

Despite flaws, AI remains a valuable tool for basic research, summarising information quickly and highlighting key points. Experts advise using multiple AI tools and consulting professionals for complex financial, legal, or medical matters.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Electricity bills surge as data centres drive up costs across the US

Massive new data centres, built to power the AI industry, are being blamed for a dramatic rise in electricity costs across the US. Residential utility bills in states with high concentrations of these facilities, such as Virginia and Illinois, are surging far beyond the national average.

The escalating energy demand has caused a major capacity crisis on large grids like the PJM Interconnection, with data centre load identified as the primary reason for a multi-billion pound spike in future power costs. These extraordinary increases are being passed directly to consumers, making affordability a central issue for politicians ahead of upcoming elections.

Lawmakers are now targeting tech companies and AI labs, promising to challenge what they describe as ‘sweetheart deals’ and to make the firms contribute more to the infrastructure they rely upon.

Although rising costs are also attributed to an ageing grid and inflation, experts warn that utility bills are unlikely to decrease this decade due to the unprecedented demand from rapid data centre expansion.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Old laws now target modern tracking technology

Class-action privacy litigation continues to grow in frequency, repurposing older laws to address modern data tracking technologies. Recent high-profile lawsuits have applied the California Invasion of Privacy Act and the Video Privacy Protection Act.

A unanimous jury verdict recently found Meta Platforms violated CIPA Section 632 (which is now under appeal) by eavesdropping on users’ confidential communications without consent. The court ruled that Meta intentionally used its SDK within a sexual health app, Flo, to intercept sensitive real-time user inputs.

That judgement suggests an electronic device under the statute need not be physical, with a user’s phone qualifying as the requisite device. The legal success in these cases highlights a significant, rising risk for all companies utilising tracking pixels and software development kits (SDKs).

Separately, the VPPA has found new power against tracking pixels in the case of Jancik v. WebMD concerning video-viewing data. The court held that a consumer need not pay for a video service but can subscribe by simply exchanging their email address for a newsletter.

Companies must ensure their privacy policies clearly disclose all such tracking conduct to obtain explicit, valid consent. The courts are taking real-time data interception seriously, noting intentionality may be implied when a firm fails to stem the flow of sensitive personally identifiable information.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

ALX and Anthropic partner with Rwanda on AI education

A landmark partnership between ALX, Anthropic, and the Government of Rwanda has launched a major AI learning initiative across Africa.

The program introduces ‘Chidi’, an AI-powered learning companion built on Anthropic’s Claude model. Instead of providing direct answers, the system is designed to guide learners through critical thinking and problem-solving, positioning African talent at the centre of global tech innovation.

An initiative, described as one of the largest AI-enhanced education deployments on the continent, that will see Chidi integrated into Rwanda’s public education system. A pilot phase will involve up to 2,000 educators and select civil servants.

According to the partners, the collaboration aims to ensure Africa’s youth become creators of AI technology instead of remaining merely consumers of it.

A three-way collaboration that unites ALX’s training infrastructure, Anthropic’s AI technology, and Rwanda’s progressive digital policy. The working group, the researchers noted, will document insights to inform Rwanda’s national AI policy.

The initiative sets a new standard for inclusive, AI-powered learning, with Rwanda serving as a launch hub for future deployments across the continent.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cloudflare buys AI platform Replicate

Cloudflare has agreed to purchase Replicate, a platform simplifying the deployment and running of AI models. The technology aims to cut down on GPU hardware and infrastructure needs typically required for complex AI.

The acquisition will integrate Replicate’s extensive library of over 50,000 AI models into the Cloudflare platform. Developers can then access and deploy any AI model globally using just a single line of code for rapid implementation.

Matthew Prince, Cloudflare’s chief executive, stated the acquisition will make his company the ‘most seamless, all-in-one shop for AI development’. The move abstracts away infrastructure complexities so developers can focus only on delivering amazing products.

Replicate had previously raised $40m in venture funding from prominent investors in the US. Integrating Replicate’s community and models with Cloudflare’s global network will create a singular platform for building tomorrow’s next big AI applications.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Abridge AI scribe allegedly gives doctors an hour back daily

A new study led by Yale University confirmed that Abridge’s ambient AI scribe significantly reduces burnout for medical professionals. Clinicians who used the documentation technology experienced a sharp decline in burnout rates over the first thirty days of use.

AI may offer a scalable solution to administrative demands faced by practitioners nationwide. The quality study, published in ‘Jama Network Open’, examined 263 practitioners across six different healthcare systems.

Burnout rates dropped from 51.9 percent to 38.8 percent after the one-month intervention programme. Secondary analysis showed the AI scribes reduced the odds of burnout by a substantial seventy-four percent.

The ambient AI scribe also led to substantial improvements in the clinicians’ cognitive task load. Practitioners reported they were better able to give undivided attention to patients during their clinical consultations.

High documentation demands are increasing clinician attrition, whilst physician shortages multiply across the sector. Reducing the burdensome administrative load is now critical for maintaining quality patient care and professional well-being.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

New EU rules aim to accelerate GDPR complaint handling

The Council of the European Union has approved new rules aimed at speeding up the handling of cross-border data protection complaints, marking a significant update to the enforcement of the General Data Protection Regulation (GDPR) across the bloc. The new regulation aims to address long-standing bottlenecks in cooperation between national data protection authorities, which often hinder investigations involving companies operating across multiple EU countries.

Among the key changes is the introduction of harmonised criteria for determining whether a complaint is admissible, ensuring that citizens receive the same treatment no matter where they file a GDPR complaint. The rules also strengthen the rights of both complainants and companies under investigation, including clearer procedures for participation in the case and access to preliminary findings.

To reduce administrative burdens, the regulation introduces a simplified cooperation procedure for straightforward cases, allowing authorities to close cases more quickly without relying on the full cooperation framework.

Standard investigations will now be subject to a maximum 15-month deadline, extendable by another 12 months for particularly complex cases. Simple cooperation cases must be concluded within 12 months.

With the Council’s adoption, the legislative process is complete. The regulation will enter into force 20 days after its publication in the EU’s Official Journal and will begin to apply 15 months later. It updates the GDPR’s cross-border enforcement system, under which a single lead authority handles cases but must coordinate with other national regulators when individuals in multiple member states are affected.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

WhatsApp to support cross-app messaging

Meta is launching a ‘third-party chats’ feature on WhatsApp in Europe, allowing users to send and receive messages from other interoperable messaging apps.

Initially, only two apps, BirdyChat and Haiket, will support this integration, but users will be able to send text, voice, video, images and files. The rollout will begin in the coming months for iOS and Android users in the EU.

Meta emphasises that interoperability is opt-in, and messages exchanged via third-party apps will retain end-to-end encryption, provided the other apps match WhatsApp’s security requirements. Users can choose whether to display these cross-app conversations in a separate ‘third-party chats’ folder or mix them into their main inbox.

By opening up its messaging to external apps, WhatsApp is responding to the EU’s Digital Markets Act (DMA), which requires major tech platforms to allow interoperability. This move could reshape how messaging works in Europe, making it easier to communicate across different apps, though it also raises questions about privacy, spam risk and how encryption is enforced.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Eurofiber France confirms the major data breach

The French telecommunications company Eurofiber has acknowledged a breach of its ATE customer platform and digital ticket system after a hacker accessed the network through software used by the company.

Engineers detected the intrusion quickly and implemented containment measures, while the company stressed that services remained operational and banking data stayed secure. The incident affected only French operations and subsidiaries such as Netiwan, Eurafibre, Avelia, and FullSave, according to the firm.

Security researchers instead argue that the scale is far broader. International Cyber Digest reported that more than 3,600 organisations may be affected, including prominent French institutions such as Orange, Thales, the national rail operator, and major energy companies.

The outlet linked the intrusion to the ransomware group ByteToBreach, which allegedly stole Eurofiber’s entire GLPI database and accessed API keys, internal messages, passwords and client records.

A known dark web actor has now listed the stolen dataset for sale, reinforcing concerns about the growing trade in exposed corporate information. The contents reportedly range from files and personal data to cloud configurations and privileged credentials.

Eurofiber did not clarify which elements belonged to its systems and which originated from external sources.

The company has notified the French privacy regulator CNIL and continues to investigate while assuring Dutch customers that their data remains safe.

A breach that underlines the vulnerability of essential infrastructure providers across Europe, echoing recent incidents in Sweden, where a compromised IT supplier exposed data belonging to over a million people.

Eurofiber says it aims to strengthen its defences instead of allowing similar compromises in future.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!