Privacy and data protection

AI-powered search coming to Reddit

Reddit is set to overhaul its search functionality in 2025 by integrating AI-powered features to help users find better answers to complex and subjective questions. CEO Steve Huffman announced that the company will incorporate Reddit Answers, a tool that summarises discussions and highlights key responses, into its existing search system.

The company is also forming a dedicated team of engineers to refine and expand these AI-driven search capabilities. This move follows Reddit’s broader AI strategy, which has already introduced translation tools and AI-powered insights for advertisers. The platform has also experimented with AI-curated search result pages to improve content discovery across different communities.

Despite these advancements, Reddit’s latest earnings report disappointed investors, with daily active users reaching 101.7 million falling short of expectations. Huffman suggested that making search an integral part of user onboarding could help boost engagement and monetisation, positioning AI-powered search as a key driver of Reddit’s future growth.

For more information on these topics, visit diplomacy.edu

Apple chooses Alibaba as AI partner for China

Apple has partnered with Chinese tech giant Alibaba to develop AI features for iPhones in China, aiming to bolster its presence in a highly competitive market. The collaboration follows months of uncertainty over Apple’s AI strategy in the country, where rivals like Huawei have already integrated AI tools into their devices. The move marks a shift from Apple’s earlier preference for Baidu, which reportedly fell short of the company’s expectations.

The partnership could help Apple regain lost ground after a decline in iPhone sales during the holiday season, a period typically strong for the company. The AI-powered features have been submitted for regulatory approval in China, a crucial step before their rollout. Apple’s stock saw a 1.5% rise following the news, while Alibaba’s US-listed shares gained 2.6%.

Apple’s decision to work with Alibaba was reportedly influenced by the e-commerce giant’s vast datasets on user shopping and payment habits, which could enhance AI model training and improve personalised services. As Apple anticipates strong sales growth in the current quarter, this partnership could play a key role in driving renewed demand for iPhones in China.

For more information on these topics, visit diplomacy.edu.

DeepSeek under scrutiny by European regulators

European regulators have raised concerns about DeepSeek, a Chinese artificial intelligence startup, signalling potential further actions over its data practices. The European Data Protection Board (EDPB) highlighted the issue following Italy’s decision to block DeepSeek’s chatbot due to insufficient transparency about personal data usage.

Regulators in countries like France, the Netherlands, and Belgium have also questioned the company’s data collection methods.

During a monthly meeting, the EDPB emphasised the growing need for coordinated responses to address urgent data protection issues. A taskforce initially focused on OpenAI’s ChatGPT has now expanded to include DeepSeek.

The move reflects the increasing regulatory attention on AI systems and their impact on citizens’ privacy rights across Europe.

The EDPB spokesperson confirmed the creation of a quick response team to support national authorities in handling sensitive matters. These efforts are part of Europe’s commitment to strict enforcement of its General Data Protection Regulation (GDPR), recognised as the world’s most robust privacy law.

DeepSeek’s rise in popularity has drawn intense scrutiny, underlining the EU’s proactive stance in safeguarding privacy in the evolving AI landscape.

For more information on these topics, visit diplomacy.edu.

Power connection delays could slow France’s AI growth

France has positioned itself as a major player in artificial intelligence, attracting over €100 billion in investment, thanks in part to its reliable nuclear energy. At the AI Action Summit in Paris, President Emmanuel Macron highlighted the country’s clean power supply as a key advantage in luring tech firms. Among recent investments is a $10 billion supercomputer project by UK-based Fluidstack, expected to require 1 gigawatt of electricity, equivalent to one of France’s smaller nuclear reactors.

However, experts warn that delays in connecting power-hungry data centres to the grid could hinder progress. While data centres can be built in under a year, constructing the necessary transmission lines often takes five years due to permitting and public consultation requirements. The United States is seen as having a clear advantage in fast-tracking infrastructure development.

In response, state-owned utility EDF has designated four sites with pre-existing grid connections, potentially cutting project timelines by several years. While these efforts may help, the challenge of scaling infrastructure remains a significant obstacle to France’s AI ambitions.

For more information on these topics, visit diplomacy.edu

Apple granted UK authorities iCloud data in just 4 of 6,000 requests since 2020—excluding Investigatory Powers Act cases

Since 2020, Apple has provided iCloud data to UK authorities in response to four of more than 6,000 legal requests for customer information under non-IPA laws. This data excludes requests made under the Investigatory Powers Act (IPA), the UK’s primary law for accessing tech company data.

From January 2020 to June 2023, Apple received between 0 and 499 IPA-related requests in the first half of 2023, reported in bands of 500. Due to legal limitations, Apple cannot disclose details about these requests.

Earlier reporting linked the low number of content disclosures to efforts by the UK government to force Apple to provide encrypted iCloud data. However, due to the data’s lack of detail, no direct connection can be made.

The UK government previously stated that it has made over 10,000 requests to US companies since the US-UK Data Access Agreement began, providing crucial data for law enforcement in cases related to terrorism, organized crime, and other serious offenses.

Apple’s transparency reports suggest that content data is shared more frequently in other countries, such as the US, where it responded to 22,306 requests in 2020-2023. In comparison, most countries see lower content disclosures due to restrictions on sharing with foreign governments.

The British government’s Technical Capability Notice (TCN), revealed by The Washington Post, follows Apple’s 2022 introduction of optional end-to-end encryption (E2EE) for iCloud. While the UK government did not characterise it as such, critics see the TCN as a potential ‘back door’ to Apple’s encrypted data. Apple has declined comment, while the UK government refrains from discussing operational matters.

The controversy reflects ongoing debates about the balance between encryption, privacy, and law enforcement access to encrypted data.

China tops global data breach rankings in 2024, experts warn

In 2024, three countries entered the top 10 for the highest number of breached accounts. China topped the list, rising from 12th place in 2023, Germany moved up to fifth from 16th, and Poland secured the tenth spot, up from 17th, according to Surfshark, a cybersecurity firm. Despite these changes, Russia, the US, France, India, Brazil, Italy, and the UK remained in the top 10 for both years.

Brazil and Italy saw significant increases, climbing two spots each in 2024. Brazil experienced a 24-fold rise in breached accounts, while Italy saw a 21-fold surge. Russia and France maintained their positions in second and fourth place, though both saw dramatic increases, with Russia’s breaches rising 11 times and France’s nearly 14 times.

In 2024, regional data breach statistics show that Europe had the highest share, accounting for 29% of all breached accounts, totalling over 1.6 billion, with Russia leading the region. Asia followed as the second-most affected region, contributing 23% to the global total, or nearly 1.3 billion breached accounts, with China at the forefront. North America ranked third, representing 14% of all breaches, or about 770 million compromised accounts, primarily from the US.

The US, India, and the UK dropped in rankings in 2024, but the number of breached accounts in these regions still rose. The US saw a 39% increase, ranking third globally, while India recorded five times more breaches than in 2023, and the UK experienced a 14-fold surge. China had the most dramatic increase, with breached accounts jumping nearly 340 times compared to the previous year.

In 2024, Australian users also faced a cyber attack every second, marking a twelvefold increase compared to the previous year. This contributed to a global rise in data breaches, with 5.6 billion accounts compromised worldwide, averaging 176 breaches per second. This global figure represents an eightfold increase from 2023, when 23 accounts were breached per second.

Data Protection Day 2025: A new mandate for data protection

This analysis will be a detailed summary of Data Protection Day, providing the most relevant aspects from each session. The event welcomed people to Brussels, as well as virtually, to celebrate Data Protection Day 2025 together.

Filled with a tight schedule, the event programme kicked off with opening remarks by the Secretary General of the European Data Protection Supervisor (EDPS), followed by a day of panels, speeches and side sessions from the brightest of minds in the data protection field.

Keynote speech by Leonardo Cervera Navas

Given the recent political turmoil in the EU, specifically the repealing of the Romanian elections a few months ago, it was no surprise that the first keynote speech addressed how algorithms are used to destabilise democracies and threaten them. Navas explained how third-country algorithms are used against EU democracies to target their values.

He then went on to discuss how there is a big power imbalance when certain wealthy people with their companies dominate the tech world and end up violating our privacy. However, he turned towards a hopeful future when he spoke about how the crisis in Europe is making us Europeans stronger. ‘Our values are what unite us, and part of them are the data protection values the EDPB strongly upholds’, he emphasised.

He acknowledged the evident overlap of rules and regulations between different legal instruments but also highlighted the creation of tools that can help uphold our privacy, such as the Digital Clearing House 2.0.

Organiser’s panel moderated by Kait Bolongaro

This panel discussed a wide variety of data protection topics, such as the developments on the ground, how international cooperation played a role in the fight against privacy violations, and what each panellist’s priorities were for the upcoming years. That last question was especially interesting to hear given the professional affiliations of each panellist.

What is interesting about these panels, is the fact that the organisers spent a lot of time curating a diverse panel. They had people from academia, private industry, public bodies, and even the EDPS. This ensures that a panel’s topic is discussed from more than one point of view, which is much more engaging.

Wojciech Wiewiorowski, the current European Data Protection Supervisor, reminded us of the important role that data protection authorities (DPAs) play in the effective enforcement of the GDPR. Matthias Kloth, Head of Digital Governance and Sport, CoE, showed us a broader perspective. As his work surrounds the evolved Convention 108, now known as Convention 108+, he shed some light on the advancements of updating and bringing past laws into today’s modern age.

Regarding international cooperation, each panellist had their own unique take on how to facilitate and streamline it. Wiewiorowski correctly stated that data has no borders and that cooperation with everyone is needed, as a global effort. However, he reminded, that in the age of cooperation, we cannot have a low level of protection by following the ‘lowest common denominator level of protection’.

Jo Pierson, Professor at the Vrije University Brussels and the Hasselt University, said that international cooperation is very challenging. He gave the example that country’s values may change overnight, giving the example of Trump’s recent re-election victory.

Audience questions

A member of the audience posed a very relevant question regarding the legal field as a whole.
He asked the panellists what they thought of the fact that enforcing one’s rights is a difficult and
costly process. To provide context, he explained how a person must be legally literate and bear their own costs for litigation to litigate or filing an appeal.

Wiewiorowski of the EDPS pointed out that changing the procedural rules of the GDPR is not feasible to tackle this issue. There is the option for small-scale procedural amendments, but he does not foresee the GDPR being opened up in the coming years.

However, Pierson had a more practical take on the matter and suggested that this is where individuals and civil society organisations can join forces. Individuals can approach organisations such as noyb, Privacy International, and EDRi for help or advice on the matter. But then it begs the question, on whose shoulders should this burden rest?

One last question from the audience was about the bombshell new Chinese AI ‘DeepSeek’ recently dropped onto the market. The panellists were asked whether this new AI is an enemy or a friend to us Europeans. Each panellist avoided calling Chinese AI an enemy or a friend, but they did find common ground on the fact that we need international cooperation and that an open-source AI is not a bad thing if it can be trained by Europeans.

The last remark regarding this panel was Wiewiorowski’s comment on Chinese AI and how he compared it to ‘Sputnik Day’ (the 1950s space race between the United States and the USSR). Are we in a new technological gap? Will non-Western allies and foes beat us in this digital arms race?

Data protection in a changing world: What lies ahead? Moderated by Anna Buchta

This session also had a series of interesting questions for high-profile panellists. The range of this panel was impressive as it regrouped opinions from the European Commission, the Polish Minister of Digital Affairs, the European Parliament, the UK’s Information Commissioner, and DIGITALEUROPE.

Notably, Marina Kaljurand from LIBE and her passion for cyber matters. She revealed that many people in the European Parliament are not tech literate. On the other hand, some people are extremely well-versed in how the technology is used. There seems to be a big information asymmetry within the European Parliament that needs to be addressed if they are to vote on digital regulations.

She gave an important overview of the state of data transfers with the UK and the USA. The UK has in place an adequacy decision that has raised multiple flags in the European Parliament and is set to expire in June 2025.

The future of data transfer in the UK is very uncertain. As for the USA, she mentioned that there will be difficult times due to the actions of the recently re-elected President Trump that are degrading US-EU relations. Regarding her views on the child sexual abuse material regulation, she stresses how important it is to protect children and that the debate is not about whether or not to protect them or not, but that it is difficult to find out ‘how’ to protect them.

The current proposed regulations will put too much stress on violating one’s privacy, but on the other hand, it is difficult to find alternatives to protect children. This reflects how difficult regulating can be even when everyone at the table may have the same goals.

Irena Moozova, the Deputy Director-General of DG JUST at the European Commission, said that her priorities for the upcoming years are to cut red tape, simplify guidelines for businesses to work and support business compliance efforts for small and medium-sized enterprises. She mentions the public consultation phases that will be held for the upcoming Digital Fairness Act this summer.

John Edwards, the UK Information Commissioner, highlighted the transformative impact of emerging technologies, particularly Chinese AI, and how disruptive innovations can rapidly reshape markets. He discussed the ICO’s evolving strategies, noting their alignment with ideas shared by other experts. The organisation’s focus for the next two years includes key areas such as AI’s role in biometrics and tracking, as well as safeguarding children’s privacy. To address these priorities, the ICO has published an online tracking strategy and conducted research on children’s data privacy, including the development of systems tailored to protect young users.

Alberto Di Felice, Legal Counsel to DIGITALEUROPE, stressed the importance of simplifying regulations. He repeatedly stated numerous times that there is too much bureaucracy and too many actors involved in regulation. For example, if a company wants to operate in the EU market, they will have to consult DPAs, AI Act authority, data from the public sector (Data Governance Act), manufacturers or digital products (authorities for this), and financial sector authorities.

He advocated for a single regulator. He also mentioned how the quality of regulation in Europe
is poor and that sometimes regulations are too long. For example, some AI Act articles are 17 lines long with exceptions and sub-exceptions that lawyers cannot even make sense of. He suggested reforms such as having one regulator and proposing changes to streamline legal compliance.

Keynote speech by Beatriz de Anchorena on global data protection

Beatriz de Anchorena, Head of Argentina’s DPA and current Chair of the Convention 108+ Committee, delivered a compelling address on the importance of global collaboration in data protection. Representing a non-European perspective, she emphasised Argentina’s unique contribution to the Council of Europe (CoE).

Argentina was the first country outside Europe to receive an EU adequacy decision, which has since been renewed. Despite having data protection laws originating in the 2000s, Argentina remains a leader in promoting modernised frameworks.

Anchorena highlighted Argentina’s role as the 23rd state to ratify the Convention 108+, noting that only seven more countries need to ratify it to come into force fully. She advocated Convention 108+ as a global standard for data protection, capable of upgrading current data protection standards without demanding complete homogeneity. Instead, it offers a common ground for nations to align on privacy matters.

What’s on your mind: Neuroscience and data protection moderated by Ella Mein

Marcello Ienca, a Professor of Ethics of AI and Neuroscience at the University of Munich, gave everyone in the audience a breakdown of how data and neuroscience intersect and the real-world implications for people’s privacy.

The brain, often described as the largest data repository in the world, presents a vast opportunity for exploration and AI is acting as a catalyst in this process. Large-scale language models are helping researchers in decoding the brain’s ‘hardware’ and ‘software’, although the full ‘language of thought’ remains unclear and uncertain.

Neurotechnology raises real privacy and ethical concerns. For instance, the ability to biomark
conditions like schizophrenia or dementia introduces new vulnerabilities, such as the risk of
‘neuro discrimination’, where predicting one’s illness might lead to stigmatisation or unequal
treatment.

However, it is argued that understanding and predicting neurological conditions is important, as nearly every individual is expected to experience at least one neurological condition in their lifetime. As one panellist put it, ‘We cannot cure what we don’t understand, and we cannot understand what we don’t measure.’

This field also poses questions about data ownership and access. Who should have the ‘right to read brains’, and how can we ensure that access to such sensitive data, particularly emotions and memories unrelated to clinical goals, is tightly controlled? With the data economy in an ‘arms race’, there is a push to extract information directly from its source: the human brain.

As neurotechnology advances, balancing its potential benefits with safeguards will be important to ensure that innovation does not come at the cost of individual privacy and autonomy as mandated by law.

In addition to this breakdown, Jurisconsult Anna Austin explained to us the ECtHR’s legal background surrounding this. A jurisconsult plays a key role in keeping the court informed by maintaining a network that monitors relevant case law from member states and central to this discussion are questions of consent and waiver.

Current ECtHR case law states that any waiver must be unequivocal, fully informed, and fully understand its consequences, which can be challenging to meet. This high standard exists to safeguard fundamental rights, such as protection from torture and inhumane treatment and ensuring the right to a fair trial. As it stands, she stated that there is no fully comprehensive waiver mechanism.

The right to a fair trial is an absolute right that needs to be understood in this context. One nuance in this context is therapeutic necessity where forced medical interventions can be justified under strict conditions with safeguards to ensure proportionality.

Yet concerns remain regarding self-incrimination under Article 6. Particularly in scenarios where reading one’s mind could improperly compel evidence, raising questions about the abuse of such technologies.

Alessandra Pierucci from the Italian DPA made a relevant case for whether new laws should be
created for this matter or whether existing ones are sufficient. Within the context of her work, they are developing a mental privacy risk assessment.

Beyond privacy unveiling the true stakes of data protection. Moderated by Romain Robert

Nathalie Laneret, Vice President of Government Affairs and Public Policy at Criteo, presented her viewpoint on the role of AI and data protection. Addressing the balance between data protection and innovation, Laneret explained that these areas must work together.

She stressed the importance of finding a ways to use pseudonymised data and clear codes of conduct for businesses to use when pointing out that innovation is high on the European Commission’s political agenda.

Laneret addressed concerns about sensitive data, such as children’s data, highlighting Criteo’s proactive approach. With an internal ethics team, the company anticipated potential regulatory challenges around sensitive data, ensuring it stayed ahead of ethical and compliance issues.

In contrast, Max Schrems, Chair of noyb, offered a more critical perspective on data practices. He pointed out the economic disparity in the advertising model, explaining that while advertisers generate minimal revenue per user annually, they often charge users huge fees for their data. Schrems highlighted the importance of individuals having the right to freely give up their privacy if they choose, provided that consent is genuinely voluntary and given.

Forging the future: reinventing data protection? Moderated by Gabriela Zanfir-Fortuna

In this last panel, Johnny Ryan from the Irish Council for Civil Liberties painted a stark picture of
the societal challenges tied to data misuse. He described a crisis fuelled by external influence,
misunderstandings, and data being weaponised against individuals.

However, Ryan argued that the core issue is not merely the problems themselves but the fact that the EU lacks an effective and immediate response strategy. He stated the need for swift protective measures, criticising the current underuse of interim tools that could mitigate harm in real-time.

Nora Ni Loideain, a Lecturer and Director at the University of London’s Information Law and Policy Centre, discussed the impact of the GDPR on data protection enforcement. Explaining how DPAs had limited powers in the past and, for example, in events like the Cambridge Analytica scandal, she noted that the UK’s Data Protection Authority could only fine Facebook £500,000 due to a lack of resources and authority.

This is where the GDPR has allowed for DPAs to step up with independence, greater resources, and stronger enforcement capabilities, significantly improving their ability to hold companies accountable for their privacy violations.

Happy Data Protection Day 2025!

FTC names new technology chief as leadership shifts

Jake Denton, a former researcher at the Heritage Foundation, has been appointed as chief technology officer of the US Federal Trade Commission. He replaces Stephanie Nguyen, who had held the position since 2022. The role was first established during the Obama administration to provide insights on emerging technology challenges.

Denton steps into the role as Andrew Ferguson takes over as FTC chairman. Ferguson has voiced concerns about Big Tech’s dominance while cautioning against excessive regulation that could hinder US innovation. Denton has supported artificial intelligence legislation and has urged stronger US involvement in shaping global AI policies.

The Heritage Foundation’s Project 2025, linked to potential conservative policies under a future Trump administration, has outlined proposals for antitrust enforcement that align with right-leaning priorities. Some suggestions have even questioned the FTC’s necessity. Meanwhile, the agency is preparing for a trial against Meta in April and is pursuing an antitrust lawsuit against Amazon.

Ferguson’s stance on ongoing FTC investigations remains unclear, including probes into Microsoft’s partnership with OpenAI and potential consumer protection issues. Trump has praised Ferguson as a leader who supports innovation, making his regulatory approach to Big Tech a key focus in the coming months.

For more information on these topics, visit diplomacy.edu.

OECD and WTO joint report highlights economic impact of data regulation and advocates balanced approach

The World Trade Organisation (WTO) Secretariat and the Organisation for Economic Co-operation and Development (OECD) have jointly released the report “Economic Implications of Data Regulation: Balancing Openness and Trust”. The research highlights the critical role data flows play in today’s interconnected world, enabling social and economic interactions. However, with the rise of regulations that either restrict (or impose conditions to) data flows, or that demand localised data storage, the report emphasises the need for a balanced approach that promotes cross-border flows while ensuring trust through adequate protection.


The report identifies the potential economic implications and opportunity costs associated with different types of data flow and data localisation regulations. It concludes that global solutions that promote free data flows paired with appropriate safeguards are likely to yield better economic outcomes for all economies, especially developing ones. The report predicts that this mixed approach could lead to a 3.6% increase in global exports and a 1.77% rise in global GDP. These benefits would be most pronounced for low and lower-middle-income economies, potentially boosting their GDP by over 4%. Conversely, the report warns against ‘full fragmentation’, where complete restrictions on data flow could cause a 4.5% decline in global GDP and an 8.5% drop in exports. While stringent data regulations pose economic challenges, the absence of regulation is also not advisable, as it could result in diminished trust in business transactions, and a decline in exports and GDP. The report makes the case for the implementation of the notion of Data Free Flows with Trust (DFFT).

Microsoft secures solar power deal with EDP renewables

Microsoft has deepened its commitment to clean energy by securing a long-term virtual power purchase agreement with EDP Renewables North America. As part of the deal, three large-scale solar projects in the United States will supply Microsoft with 389 megawatts of electricity and renewable energy credits. The agreement aligns with the tech giant’s push to power its expanding AI-driven data centres with sustainable energy sources.

The projects, located in Illinois and Texas, began operations between November and December last year. This includes a 140 MW solar installation in Jacksonville, a 110 MW site near Jerseyville, and a 150 MW park near Austin. EDP Renewables confirmed that this latest agreement brings its total number of operational projects with Microsoft in the US to five.

Big technology firms have significantly ramped up investments in renewable energy as they seek to offset the soaring electricity demand of AI infrastructure. Microsoft’s partnership with EDP Renewables marks another step towards the company’s sustainability targets, reinforcing its ambition to run entirely on renewable energy in the near future.

For more information on these topics, visit diplomacy.edu.

Diplo chatbot can make mistakes. Consider checking important information.