Privacy and data protection

Global Network Initiative raises concerns over India’s proposed IT rules amendments

The Global Network Initiative has raised concerns over India’s Draft Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Second Amendment Rules, 2026, warning that the proposals could affect privacy, free expression, and access to information.

The draft amendments were published by India’s Ministry of Electronics and Information Technology on 30 March 2026. GNI said the proposals, although described as procedural and clarificatory, could introduce broader changes to intermediary liability and digital media regulation.

The organisation warns that amendments to Rules 3(1)(g) and 3(1)(h) would require intermediaries to retain user data for at least 180 days, regardless of whether the original purpose for collecting the data has been fulfilled. According to GNI, the proposed data retention requirements could conflict with principles contained in India’s Digital Personal Data Protection Act.

GNI also criticises the proposed insertion of Rule 3(4), which would require platforms to comply with a broad range of executive instruments as a condition for retaining safe harbour protections. GNI said the proposal could expand the practical effect of executive advisories and guidelines on platform moderation decisions.

The statement also raises concerns about proposed changes to Rules 8 and 14, which would extend the Code of Ethics and the authority of the Inter-Departmental Committee to intermediaries and users who share news and current affairs content, even when they are not recognised publishers. According to GNI, the proposed changes could extend aspects of content regulation to users sharing news and current affairs content online.

GNI said the draft amendments could increase regulatory oversight of digital platforms and online content. The organisation said the proposals could affect debates around intermediary liability, platform governance, and digital expression.

GNI called on the Government of India to revise the proposals and consult civil society, industry, and technical experts.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Australia’s WGEA outlines AI transparency rules for internal use

Australia’s Workplace Gender Equality Agency has published an AI transparency statement outlining how it uses AI internally, in line with the Digital Transformation Agency’s Policy for the Responsible Use of AI in Government.

The agency uses AI to enhance workplace productivity and support internal service delivery processes, including case management, in a controlled and human-centred manner. It does not use AI for statutory decision-making, compliance determinations, auditing outcomes or enforcement actions.

Internally, AI helps staff manage and respond to enquiries using approved information sources. All outputs are reviewed and approved by WGEA staff before use, and AI-generated material remains advisory only.

The agency does not use AI systems to interact directly with the public or make decisions affecting individuals without human involvement. External communications are reviewed and issued by WGEA staff.

The statement notes that AI does not change WGEA’s accountability for the accuracy, quality or appropriateness of information provided. The agency also monitors usage levels, outcomes and reporting mechanisms to ensure systems operate as intended and align with responsible AI principles.

WGEA designated its Chief Operating Officer as the accountable official on 19 December 2024. The role is responsible for ensuring AI use complies with relevant legislation, whole-of-government policy and internal governance arrangements.

Why does it matter?

The statement shows how public bodies are beginning to formalise transparency around internal AI use, even when systems are not used for direct public interaction or decision-making. By limiting AI to advisory functions, requiring human review and naming an accountable official, WGEA is setting out a practical governance model for low-risk public-sector AI use.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI tests financial data integration in ChatGPT

OpenAI has launched a preview of a personal finance experience in ChatGPT for Pro users in the United States. The feature allows users to connect financial accounts, view a dashboard, and ask questions based on their financial data.

The feature is available on web and iOS apps and supports more than 12,000 financial institutions. OpenAI said the preview will initially be available to a smaller group of users before expanding more broadly.

Users can connect accounts through Plaid, with Intuit support planned. Once authenticated, ChatGPT syncs and categorises financial data, allowing users to view portfolio performance, spending, subscriptions, upcoming payments, and other financial activity.

OpenAI said the feature supports questions related to budgeting, planning, subscriptions, investments, and spending activity. OpenAI said ChatGPT is intended to help users review financial information but is not a substitute for professional financial advice.

Users can also choose to save financial context as ‘Financial memories’ for future conversations, according to OpenAI. OpenAI says those memories are a dedicated type of memory used specifically for financial conversations and can be viewed or deleted from the Finances page.

OpenAI said connected accounts allow access to balances, transactions, investments, and liabilities, but not full account numbers or account controls. Users can disconnect accounts at any time, after which synced account data will be deleted from OpenAI’s systems within 30 days.

Conversations with connected financial accounts default to GPT-5.5 Thinking. OpenAI said it worked with finance professionals to evaluate the feature on personal finance tasks and response quality.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

YouTube expands AI likeness detection tool to more creators

YouTube said it is expanding its AI likeness detection tool to all eligible creators over 18, allowing more users to identify and request the removal of unauthorised AI-generated videos that use their facial likeness.

The company said the feature, available through YouTube Studio, is intended to detect altered or synthetic videos that may depict a user’s face. Once enrolled, users can review detected matches and request the removal of content that violates YouTube’s Privacy Guidelines.

The platform said likeness detection had recently been introduced as a pilot for creators in the YouTube Partner Program and will now roll out gradually over the coming weeks to all eligible creators aged 18 or older.

YouTube said the tool is intended to help users understand where their likeness appears, safeguard their identity, and protect audiences from being misled by AI-generated depictions.

To enrol, users must grant the platform permission to use likeness-detection technology and complete a one-time verification process. According to YouTube, the tool works only on facial likeness and does not cover other identifying features such as voice.

YouTube said removal requests will be assessed under YouTube’s privacy policy, including whether the content is realistic, whether it is labelled as AI-generated, and whether the person can be uniquely identified. The company also provides exceptions for content such as parody or satire.

YouTube spokesperson Jack Malon said:

‘With this expansion, we’re making clear that whether creators have been uploading to YouTube for a decade or are just starting, they’ll have access to the same level of protection.’

The expansion follows earlier testing with creators and broader availability for groups including public officials, politicians, journalists, and the entertainment industry. It comes amid growing concern about deepfakes affecting both public figures and private individuals.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Ghana launches WHO-UNDP programme on AI-driven health system resilience

Ghana has launched an AI-driven health programme aimed at strengthening its healthcare system, improving resilience and protecting vulnerable communities.

The initiative is a joint programme by the World Health Organization and the UN Development Programme, funded by the Government of Japan through the UN Trust Fund for Human Security. It is being implemented in collaboration with Ghana’s Ministry of Health.

The programme focuses on integrating AI into Ghana’s health systems in an ethical, inclusive and people-centred way. It aims to strengthen AI governance, protect health data, build institutional and workforce capacity, and expand digital literacy among healthcare workers and communities.

A key component includes the deployment of AI-enabled early warning systems for climate-sensitive diseases, integrated into national platforms such as DHIS2. The programme will also support responsible private-sector engagement in digital health.

Speaking at the launch, WHO Representative to Ghana said the programme would strengthen the country’s digital health ecosystem by advancing AI governance, safeguarding health data and preparing a workforce able to deliver people-centred care.

UNDP Resident Representative Niloy Bernejee said strengthening health systems and responsible digital innovation could reinforce stability, build resilience and support sustainable development.

The initiative is grounded in a human security approach, focusing on protecting and empowering vulnerable and marginalised populations while improving equitable access to digital health solutions.

Why does it matter?

The programme shows how AI is being integrated into health systems not only as a technical tool, but as part of broader governance, resilience and equity planning. By combining early warning systems for climate-sensitive diseases with data protection, workforce training and digital literacy, Ghana is addressing both immediate healthcare needs and longer-term capacity gaps in responsible digital health.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Global experts gather for CPDP 2026

The CPDP Conference 2026 has released its detailed programme, outlining a multi-day agenda of panels, workshops and cultural sessions focused on AI, data protection and digital governance. The conference will run from 19 to 22 May 2026, bringing together global experts across policy, academia and industry.

Across the programme, a wide range of panels and debates will explore key themes including AI regulation, digital governance, workplace data rights and platform power. Alongside panels and discussions, there will also be short movies and workshops offering conference topics in different formats.

Workshops are scheduled throughout each day, with structured breaks including coffee sessions and lunch intervals offering networking moments for participants. Topics range from AI in healthcare and advertising to digital conflict, governance under pressure and privacy-preserving technologies.

The programme also includes specialised tracks and cultural sessions, such as film screenings and artistic discussions on algorithmic systems, alongside academic panels and policy debates. The event will conclude after a final series of workshops and sessions on 22 May in Brussels, Belgium.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK proposes stronger streaming rules under new Ofcom standards

Ofcom has proposed new content and accessibility standards for major streaming platforms operating in the UK, expanding regulatory oversight across the rapidly growing on-demand media sector. The draft framework follows powers introduced through the Media Act and would align streaming services more closely with traditional broadcast television standards.

The proposed rules would apply to major platforms including Netflix, Amazon and Disney. Ofcom said audiences increasingly expect consistent protections regardless of whether content is viewed through conventional television or streaming services.

The draft Code includes requirements covering harmful or offensive material, fairness and privacy protections, and due impartiality and accuracy for news content. Additional safeguards for minors would also apply, alongside stronger expectations around contextual warnings and viewer information.

Ofcom also proposed new accessibility obligations for streaming providers. Under the draft rules, platforms would need to subtitle 80% of catalogue content, provide audio description for 10%, and provide signing for 5%. The regulator said that more than 18 million people with hearing or sight conditions could benefit from improved accessibility standards across streaming platforms.

Why does it matter?

The proposals signal a major shift in how digital media platforms are regulated in the UK, extending broadcast-style obligations into streaming ecosystems for the first time. The measures could influence global debates around platform accountability, online safety, accessibility standards, and regulatory convergence between traditional media and digital services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

ICO warns organisations about growing AI cyber threats

The UK Information Commissioner’s Office has warned that AI is enabling faster, more advanced and harder-to-detect cyberattacks, urging organisations to strengthen their defences against emerging threats.

In a blog post, the regulator highlighted risks such as AI-generated phishing emails, deepfake social engineering, automated vulnerability scanning, AI-powered malware, credential attacks, data poisoning and indirect prompt injection. The ICO said cybersecurity must be treated as a shared responsibility, with organisations expected to take proactive steps to protect the personal data they hold.

The ICO said strong foundational security measures remain essential, but should be reinforced with layered defences to counter AI-powered threats. It pointed to practical steps such as patching systems, restricting access through multi-factor authentication, applying least-privilege principles and managing supplier risks.

The recommendations also include monitoring systems for unusual activity, carrying out vulnerability scanning and penetration testing, and maintaining regularly tested incident response plans. The ICO said AI can also support cyber defence, but should operate within a clear framework of human oversight and accountability.

Organisations are further advised to minimise data collection, conduct regular data audits and train staff to recognise AI-powered social engineering attacks. The ICO said AI tools processing high-risk personal data should be supported by data protection impact assessments and appropriate safeguards.

Why does it matter?

The ICO’s warning links AI-powered cyber threats directly to data protection obligations. As attackers use AI to scale phishing, exploit vulnerabilities and impersonate trusted contacts, organisations are expected not only to improve technical security, but also to limit the personal data they hold, strengthen governance and prepare for faster-moving incidents.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

CMA opens Strategic Market Status investigation into Microsoft business software

The UK Competition and Markets Authority has opened a Strategic Market Status investigation into Microsoft’s business software ecosystem, marking another major step in the country’s digital competition regime.

The investigation will examine Microsoft’s position across workplace software products widely used throughout the UK economy, including productivity software, personal computer and server operating systems, database management systems, security software and its growing AI assistant ecosystem, including Copilot. The CMA said more than 15 million commercial users across the UK rely on Microsoft’s software ecosystem.

Regulators will assess whether Microsoft has Strategic Market Status in business software and whether its position may limit customer choice. The CMA said it will examine concerns linked to product bundling, interoperability limits and default settings that could make it harder for businesses and public-sector organisations to switch providers or combine Microsoft tools with competing products.

The authority will also examine how competing AI services can integrate with Microsoft’s business software as workplace tools increasingly incorporate AI and agentic AI functions. The CMA said customers should be able to access software and AI services from a range of suppliers rather than being locked into a single ecosystem.

Cloud competition concerns are also linked to the probe. An SMS designation would allow the CMA to consider targeted interventions related to Microsoft’s software licensing practices, which were previously identified as reducing competition in cloud services.

The CMA will gather evidence from Microsoft, customers, rivals, challenger technology firms and other stakeholders before deciding whether to designate Microsoft with Strategic Market Status. The regulator said the investigation does not assume wrongdoing and that any future interventions would depend on the evidence and relevant legal tests.

Why does it matter?

The investigation shows how digital competition oversight is moving deeper into enterprise software, cloud infrastructure and AI-enabled workplace tools. As products such as Copilot become embedded in systems used by businesses and public services, regulators are increasingly treating interoperability, bundling and switching costs as strategic competition issues rather than narrow technical questions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

OpenAI integrates Codex into ChatGPT mobile app

OpenAI has integrated Codex into the ChatGPT mobile app, allowing users to monitor and manage agentic coding workflows from iOS and Android devices.

The feature, currently in preview and available across all plans, lets users view live Codex environments, review outputs, approve commands, change models, and start new tasks from their phones. OpenAI said the update is intended to support work across multiple threads and workflows, rather than to control a single task remotely.

Codex is OpenAI’s coding agent for software development, designed to help with tasks such as building features, refactoring code, generating pull requests, testing and documentation. OpenAI describes the Codex app as a command centre for agentic coding, with agents able to work in parallel across projects through worktrees and cloud environments.

The mobile integration aligns with other recent Codex updates, including background operations in desktop environments and a browser extension for live sessions. Together, the updates point to OpenAI’s effort to turn Codex into a persistent development assistant that can continue working across devices and environments.

The move also comes amid growing competition with Anthropic’s Claude Code, which has introduced similar remote-monitoring features. Both companies are competing to make agentic coding tools central to developer workflows, particularly for businesses and technical teams seeking more autonomous software development support.

Why does it matter?

Mobile access makes agentic coding less tied to a single workstation. If developers can review outputs, approve commands and manage parallel coding tasks from a phone, AI coding agents become more like always-on collaborators than occasional coding assistants. The shift could accelerate competition between OpenAI, Anthropic and other AI firms over who controls the next layer of software development workflows.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Diplo chatbot can make mistakes. Consider checking important information.