Privacy and data protection

Austrian DPA finds Microsoft 365 Education violates GDPR

Microsoft has been found in violation of the EU’s General Data Protection Regulation (GDPR) over how its Microsoft 365 Education platform handles student data.

The Austrian Data Protection Authority (DSB) issued the ruling after a student, represented by privacy group noyb, was denied full access to their personal data. The complaint exposed a three-way responsibility gap between Microsoft, schools, and national education authorities.

During the COVID-19 pandemic, many schools adopted cloud-based tools like Microsoft 365 Education. However, Microsoft shifted responsibility for GDPR compliance onto schools and ministries, which often lack access to, or control over, student data processed by Microsoft.

In this case, Microsoft redirected the student’s data request to their school, which was unable to provide complete information.

The DSB found Microsoft guilty of multiple GDPR breaches. These included the illegal use of tracking cookies without consent and failing to provide the student full access to their data, violating Article 15.

Microsoft was also ordered to clarify how it uses data for purposes like ‘business modelling’ and whether it shares data with third parties like LinkedIn, OpenAI, or adtech firm Xandr.

Microsoft’s claim that its EU entity in Ireland was responsible for the product was rejected. The DSB ruled that key decisions were made in the USA, making Microsoft Corp the main data controller.

The decision has broad implications, with millions of students and public-sector users relying on Microsoft 365. As Max Schrems of noyb warned, schools and other European institutions will remain unable to meet their legal obligations under the GDPR unless Microsoft makes structural changes.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Imperial College unveils plans for new AI campus in west London

Imperial College London has launched a public consultation on plans for a new twelve-storey academic building in White City dedicated to AI and data science.

A proposed development that will bring together computer scientists, mathematicians, and business specialists to advance AI research and innovation.

A building that will include laboratories, research facilities, and public areas such as cafés and exhibition spaces. It forms part of Imperial’s wider White City masterplan, which also includes housing, a hotel, and additional research infrastructure.

The university aims to create what it describes as a hub for collaboration between academia and industry.

Outline planning permission for the site was granted by Hammersmith and Fulham Council in 2019. The consultation is open until 26 October, after which a formal planning application is expected later this year. If approved, construction could begin in mid-2026, with completion scheduled for 2029.

Imperial College, established in 1907 and known for its focus on science, engineering, medicine, and business, sees the new campus as a step towards strengthening the position of the UK in AI research and technology development.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Italy bans deepfake app that undresses people

Italy’s data protection authority has ordered an immediate suspension of the app Clothoff, which uses AI to generate fake nude images of real people. The company behind it, based in the British Virgin Islands, is now barred from processing personal data of Italian users.

The watchdog found that Clothoff enables anyone, including minors, to upload photos and create sexually explicit or pornographic deepfakes. The app fails to verify consent from those depicted and offers no warning that the images are artificially generated.

The regulator described the measure as urgent, citing serious risks to human dignity, privacy, and data protection, particularly for children and teenagers. It has also launched a wider investigation into similar so-called ‘nudifying’ apps that exploit AI technology.

Italian media have reported a surge in cases where manipulated images are used for harassment and online abuse, prompting growing social alarm. Authorities say they intend to take further steps to protect individuals from deepfake exploitation and strengthen safeguards around AI image tools.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Tech giants race to remake social media with AI

Tech firms are racing to integrate AI into social media, reshaping online interaction while raising fresh concerns over privacy, misinformation, and copyright. Platforms like OpenAI’s Sora and Meta’s Vibes are at the centre of the push, blending generative AI tools with short-form video features similar to TikTok.

OpenAI’s Sora allows users to create lifelike videos from text prompts, but film studios say copyrighted material is appearing without permission. OpenAI has promised tighter controls and a revenue-sharing model for rights holders, while Meta has introduced invisible watermarks to identify AI content.

Safety concerns are mounting as well. Lawsuits allege that AI chatbots such as Character.AI have contributed to mental health issues among teenagers. OpenAI and Meta have added stronger restrictions for young users, including limits on mature content and tighter communication controls for minors.

Critics question whether users truly want AI-generated content dominating their feeds, describing the influx as overwhelming and confusing. Yet industry analysts say the shift could define the next era of social media, as companies compete to turn AI creativity into engagement and profit.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Unapproved AI tools boom in UK workplaces

Microsoft research reveals 71% of UK employees use unapproved AI tools at work, with 51% doing so weekly, raising concerns about data privacy and cybersecurity risks. Organisations face heightened risks to data privacy and cybersecurity as sensitive information enters unregulated platforms.

Despite these dangers, awareness remains low, as only 32% express concern over data privacy and 29% over IT system vulnerabilities.

Workers favour Shadow AI for its simplicity, with 41% citing familiarity from personal use and 28% noting the absence of approved alternatives at their firms. Common applications include drafting communications (49%), creating reports or presentations (40%), and handling finance tasks (22%).

Generative AI assistants now permeate the workforce, saving an average of 7.75 hours weekly per user- equivalent to 12.1 billion hours annually across the economy, valued at £208 billion.

Sector leaders in IT, telecoms, sales, media, marketing, architecture, engineering, and finance report the highest adoption rates. Employees plan to redirect saved time towards better work-life balance (37%), skill development (31%), and more fulfilling tasks (28%).

Darren Hardman, CEO of Microsoft UK and Ireland, urges businesses to prioritise enterprise-grade tools that blend productivity with robust safeguards.

Optimism about AI has climbed, with 57% of staff feeling excited or confident- up from 34% in January 2025. Familiarity grows too, as confusion over starting points drops from 44% to 36%, and clarity on organisational AI strategies rises from 24% to 43%.

Frontier firms leading in adoption see twice the thriving rates, aligning with global trends where 82% of leaders deem 2025 pivotal for AI.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Study links higher screen time to weaker learning results in children

A study by researchers from Toronto’s Hospital for Sick Children and St. Michael’s Hospital has found a correlation between increased screen time before age eight and lower scores in reading and mathematics.

Published in the Journal of the American Medical Association, the study followed over 3,000 Ontario children from 2008 to 2023, comparing reported screen use with their EQAO standardised test results.

Lead author Dr Catherine Birken said each additional hour of daily screen use was associated with about a 10 per cent lower likelihood of meeting provincial standards in reading and maths.

The research did not distinguish between different types of screen activity and was based on parental reports, meaning it shows association rather than causation.

Experts suggest the findings align with previous research showing that extensive screen exposure can affect focus and reduce time spent on beneficial activities such as face-to-face interaction or outdoor play.

Dr Sachin Maharaj from the University of Ottawa noted that screens may condition children’s attention spans in ways that make sustained learning more difficult.

While some parents, such as Surrey’s Anne Whitmore, impose limits to balance digital exposure and development, Birken stressed that the study was not intended to assign blame.

She said encouraging balanced screen habits should be a shared effort among parents, educators and health professionals, with an emphasis on quality content and co-viewing as recommended by the Canadian Paediatric Society.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google cautions Australia on youth social media ban proposal

The US tech giant, Google (also owner of YouTube), has reiterated its commitment to children’s online safety while cautioning against Australia’s proposed ban on social media use for those under 16.

Speaking before the Senate Environment and Communications References Committee, Google’s Public Policy Senior Manager Rachel Lord said the legislation, though well-intentioned, may be difficult to enforce and could have unintended effects.

Lord highlighted the 23-year presence of Google in Australia, contributing over $53 billion to the economy in 2024, while YouTube’s creative ecosystem added $970 million to GDP and supported more than 16,000 jobs.

She said the company’s investments, including the $1 billion Digital Future Initiative, reflect its long-term commitment to Australia’s digital development and infrastructure.

According to Lord, YouTube already provides age-appropriate products and parental controls designed to help families manage their children’s experiences online.

Requiring children to access YouTube without accounts, she argued, would remove these protections and risk undermining safe access to educational and creative content used widely in classrooms, music, and sport.

She emphasised that YouTube functions primarily as a video streaming platform rather than a social media network, serving as a learning resource for millions of Australian children.

Lord called for legislation that strengthens safety mechanisms instead of restricting access, saying the focus should be on effective safeguards and parental empowerment rather than outright bans.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Netherlands safeguards economic security through Nexperia intervention

The Dutch Minister of Economic Affairs has invoked the Goods Availability Act in response to serious governance issues at semiconductor manufacturer Nexperia.

The measure, announced on 30 September 2025, seeks to ensure the continued availability of the company’s products in the event of an emergency. Nexperia, headquartered in Nijmegen, will be allowed to maintain its normal production activities.

A decision that follows recent indications of significant management deficiencies and actions within Nexperia that could affect the safeguarding of vital technological knowledge and capacity in the Netherlands and across Europe.

Authorities view these capabilities as essential for economic security, as Nexperia supplies chips for the automotive sector and consumer electronics industries.

Under the order, the Minister of Economic Affairs may block or reverse company decisions considered harmful to Nexperia’s long-term stability or to the preservation of Europe’s semiconductor value chain.

The Netherlands government described the use of the Goods Availability Act as exceptional, citing the urgency and scale of the governance concerns.

Officials emphasised that the action applies only to Nexperia and does not target other companies, sectors, or countries. The decision may be contested through the courts.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Fake VPN apps linked to banking malware warn security experts

Security researchers have issued urgent warnings about VPN applications that appear legitimate but secretly distribute banking trojans such as Klopatra and Mobdro.

The apps masquerade as trustworthy privacy tools, but once installed they can steal credentials, exfiltrate data or give attackers backdoor access to devices. Victims may initially notice nothing amiss.

Among the apps flagged, some were available on major app platforms, increasing the risk exposure. Analysts recommend users immediately uninstall any unfamiliar VPN apps, scan devices with a reputable security tool and change banking passwords if suspicious activity is detected.

Developers and platform operators are urged to strengthen vetting of privacy tool submissions. Given that VPNs are inherently powerful (encrypting traffic, accessing network functions), any malicious behaviour can escalate rapidly.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

ICE-tracking apps pulled from the App Store

Apple has taken down several mobile apps used to track US Immigration and Customs Enforcement (ICE) activity, sparking backlash from developers and digital rights advocates. The removals follow reported pressure from the US Department of Justice, which has cited safety and legal concerns.

One affected app, Eyes Up, was designed to alert users to ICE raids and detention locations. Its developer, identified only as Mark for safety reasons, said he believes the decision was politically motivated and vowed to contest it.

The takedown reflects a wider debate over whether app stores should host software linked to law enforcement monitoring or protest activity. Developers argue their tools support community safety and transparency, while regulators say such apps could risk interference with federal operations.

Apple has not provided detailed reasoning for its decision beyond referencing its developer guidelines. Google has also reportedly removed similar apps from its Play Store, citing policy compliance. Both companies face scrutiny over how content moderation intersects with political and civil rights issues.

Civil liberties groups warn that the decision could set a precedent limiting speech and digital activism in the US. The affected developers have said they will continue to distribute their apps through alternative channels while challenging the removals.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot