Privacy and data protection

South Korea retailer admits worst-ever data leak

Coupang disclosed a major data breach on 30 November 2025 that exposed 33.7 million customer accounts. The leaked data includes names, email addresses, phone numbers, shipping addresses and some order history but excludes payment or login credentials.

The company said it first detected unauthorised access on 18 November. Subsequent investigations revealed that attacks likely began on 24 June through overseas servers and may involve a former employee’s still-active authentication key.

South Korean authorities launched an emergency probe to determine if Coupang violated data-protection laws. The government warned customers to stay alert to phishing and fraud attempts using the leaked information.

Cybersecurity experts say the breach may be one of the worst personal-data leaks in Korean history. Critics claim the incident underlines deep structural weaknesses in corporate cybersecurity practices.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Fraud and scam cases push FIDReC workloads to new highs

FIDReC recorded 4,355 claims in FY2024/2025, marking its highest volume in twenty years and a sharp rise from the previous year. Scam activity and broader dispute growth across financial institutions contributed to the increase. Greater public awareness of the centre’s role also drove more filings.

Fraud and scam disputes climbed to 1,285 cases, up more than 50% and accounting for nearly half of all claims. FIDReC accepted 2,646 claims for handling, with early resolution procedures reducing formal caseload growth. The phased approach encourages direct negotiation between consumers and providers.

Chief Executive Eunice Chua said rising claim volumes reflect fast-evolving financial risks and increasingly complex products. National indicators show similar pressures, with Singapore ranked second globally for payment card scams. Insurance fraud reports also continued to grow during the year.

Compromised credentials accounted for most scam-related cases, often involving unauthorised withdrawals or card charges. Consumers reported incidents without knowing how their details were obtained. The share of such complaints rose markedly compared with the previous year.

Banks added safeguards on large digital withdrawals as part of wider anti-scam measures. Regulators introduced cooling-off periods, stronger information sharing and closer monitoring of suspicious activity. Authorities say the goal is to limit exposure to scams and reinforce public confidence.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK to require crypto traders to report details from 2026

The UK government has confirmed that cryptocurrency traders will be required to report personal details to trading platforms from 1 January 2026. The move forms part of the Cryptoasset Reporting Framework (CAFR), aligned with an OECD agreement, and aims to improve compliance with existing tax rules.

Under the framework, exchanges must provide HM Revenue & Customs (HMRC) with customer information, including cryptocurrency transactions and tax reference numbers.

Traders who fail to supply required details could face fines of up to £300, while platforms may be fined the same amount per unreported customer. HMRC expects to raise up to £315 million by 2030 from the new reporting rules.

Experts warn exchanges may face challenges collecting accurate information, potentially passing compliance costs onto users. Some investors may initially turn to noncompliant platforms, but international standards are expected to drive global alignment over time.

The 2025 Budget also addressed the taxation of DeFi activities such as lending and staking. HMRC appears to favour taxing gains only when they are realised, although no final decision has been made and consultations with stakeholders will continue.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Vanity Fair publisher penalised for cookie breaches

France’s data regulator fined Les Publications Condé Nast €750,000 for unlawful cookie practices on vanityfair.fr. Investigators found consent-based cookies loading immediately when visitors landed on the site.

CNIL officials also noted unclear information describing several trackers as strictly necessary without explaining their true purposes. Users faced further issues when refusal tools failed to block or halt consent-based cookies.

Repeated non-compliance weighed heavily, as the company had already received a formal order in 2021. Earlier proceedings had been closed after corrective steps, yet later inspections showed renewed breaches.

The French regulator stated that millions of visitors were potentially affected by the unlawful tracking activity. The case highlights continuing enforcement efforts under Article 82 of France’s Data Protection Act.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

ByteDance launches AI voice assistant for phones

ByteDance unveiled a new AI voice assistant that will debut on ZTE’s Nubia M153 smartphone. The tool uses the Doubao large language model to handle spoken tasks such as content searches and ticket bookings.

ZTE’s shares jumped after the announcement, helped by strong interest in the device and recent 5G contract wins in Vietnam. The prototype handset is priced at 3,499 yuan and can be pre-ordered in limited quantities.

ByteDance confirmed discussions with multiple manufacturers to integrate the assistant into future smartphones. The firm stated it has no intention of developing its own hardware.

The assistant enters a competitive market led by Huawei and Xiaomi, while Apple has yet to introduce Apple Intelligence in China. Doubao remains China’s most popular consumer AI app, with 159 million monthly active users.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Concerns grow over WhatsApp rules as Italy probes Meta AI practices

Italy’s competition authority has launched an investigation into Meta over potential dominance in AI chatbots. Regulators are reviewing the new WhatsApp Business terms and upcoming Meta AI features. They say the changes could restrict rivals’ access to the platform.

Officials in Italy warn that the revised conditions may limit innovation and reduce consumer choice in emerging AI services. The concerns fall under Article 102 TFEU. The authority states that early action may be necessary to prevent distortions.

The case expands an existing Italian investigation into Meta and its regional subsidiaries. Regulators say technical integration of Meta AI could strengthen exclusionary effects. They argue that WhatsApp’s scale gives Meta significant structural advantages.

Low switching rates among users may entrench Meta’s market position further in Italy and beyond. Officials say rival chatbot providers would struggle to compete if access is constrained. They warn that competition could be permanently harmed.

Meta has announced significant new AI investments in the United States. Italian regulators say this reflects the sector’s growing influence. They argue that strong oversight is needed to ensure fair access to key platforms.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Salesforce expands investment in Greece with Greek AgentForce

The presence in Greece is expanding as Salesforce increases its investment and introduces AgentForce in the Greek language.

Salesforce works with major Greek groups such as Motor Oil and OPAP and plans to enter more sectors, including banking and insurance. Senior executives view Greece as a market with strong potential for broader adoption of AI tools.

Executives at the company highlighted growing interest among Greek firms that are already testing or deploying AI agents to support customer services and internal operations.

Robin Fisher, Senior Vice President for the EMEA Growth Markets, noted that the organisation has doubled the number of staff supporting the Greek market over the past two years and intends to continue increasing its investment every three years or sooner.

He also pointed to the presence of Energy Cloud in Greek enterprises and the rapid development of new AI agents for local clients.

The introduction of AgentForce in the Greek language is expected to help companies manage processes more efficiently and support a more profound digital transformation. The initial release covers AgentForce Service and Employee Agent, with broader availability planned for the future.

AgentForce Service operates as a constantly available customer service platform that can be adapted to any sector, offering faster issue resolution and more personalised assistance based on real-time data.

Its design enables full cooperation between employees and AI agents, providing a more effective service model.

Employee Agent functions as a proactive digital assistant that supports staff with daily tasks inside familiar environments, such as Slack or mobile devices. It can manage meetings, assist with onboarding, access internal knowledge and prepare summaries before client discussions.

Salesforce emphasises that the broader rollout of Greek language support will help organisations improve productivity and achieve greater efficiency by combining human expertise with automated capabilities.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New digital strategy positions Uzbekistan as emerging AI hub

Uzbekistan has outlined an extensive plan to accelerate digital development by introducing new measures at major AI forums in Tashkent.

The leadership detailed a national effort to strengthen the domestic AI ecosystem, supported by a supercomputer cluster built with Nvidia and a National Transfer Office established in Silicon Valley.

AI-focused curricula will be introduced across regional Future Centres to broaden access to advanced training.

A strong emphasis has been placed on nurturing young talent. An annual interschool competition will identify promising AI startup ideas. At the same time, a presidential contest will select one hundred young participants each year for internships in leading technology companies in the US, the UAE and Europe.

November will be marked as ‘AI month for youth’, and the Silk Road AI Forum will become a recurring event.

A central part of the strategy is the ‘five million AI leaders’ project, which aims to train millions of students, along with teachers and public servants, by 2030. The programme will integrate AI education across schools, vocational institutions and universities instead of limiting it to specialist groups.

The government highlighted the country’s growing appeal for technology investment. Nearly two billion dollars have already been secured for AI and digital projects, IT service exports have risen sharply, and startup activity has expanded significantly.

Work has begun on a central green data centre, developed in collaboration with a Saudi partner, as Uzbekistan seeks to strengthen its position in regional digital innovation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Utah governor urges state control over AI rules

Utah’s governor, Spencer Cox, has again argued that states should retain authority over AI policy, warning that centralised national rules might fail to reflect local needs. He said state governments remain closer to communities and, therefore, better placed to respond quickly to emerging risks.

Cox explained that innovation often moves faster than federal intervention, and excessive national control could stifle responsible development. He also emphasised that different states face varied challenges, suggesting that tailored AI rules may be more effective in balancing safety and opportunity.

Debate across the US has intensified as lawmakers confront rapid advances in AI tools, with several states drafting their own frameworks. Cox suggested a cooperative model, where states lead, and federal agencies play a supporting role without overriding regional safeguards.

Analysts say the governor’s comments highlight a growing split between national uniformity and local autonomy in technology governance. Supporters argue that adaptable state systems foster trust, while critics warn that a patchwork approach could complicate compliance for developers.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

South Korea’s Hopae boosts EU presence with €5 million investment

Hopae is expanding into Europe with a €5M investment as the region prepares for mandatory EUDI Wallet adoption. The company aims to help businesses navigate multiple electronic identity systems before new requirements take effect in 2026 and 2027.

The firm plans to offer an intermediary platform that unifies eIDs and wallet-based verification. It says the model can ease compliance for regulated sectors and Very Large Online Platforms, which will need to accept EUDI Wallets under the EU rules.

Hopae has already signed a partnership with Luxembourg’s INCERT, becoming the first officially registered intermediary service. It secured OIDC certification and opened a Luxembourg office, naming Bertrand Bouteloup to lead its European expansion and trust-service ambitions.

The company says its system already integrates more than 50 eIDs and wallets, to reach 100 by mid-2026. CEO Ace Jaehoon Shim says demand for secure, wallet-based identity verification will require further investment across the continent.

Founded in 2022, Hopae previously developed the national vaccination pass in South Korea and has expanded into the United States. It is now contributing to the Korean Architecture Reference Framework while operating offices in Seoul, San Francisco, Paris, and Luxembourg.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!