Privacy and data protection

Meta under scrutiny in France over digital Ad practices

Meta, the parent company of Facebook, is facing fresh legal backlash in France as 67 French media companies representing over 200 publications filed a lawsuit alleging unfair competition in the digital advertising market. 

The case, brought before the Paris business tribunal, accuses Meta of abusing its dominant position through massive personal data collection and targeted advertising without proper consent.

The case marks the latest legal dispute in a string of EU legal challenges for the tech giant this week. 

Media outlets such as TF1, France TV, BFM TV, and major newspaper groups like Le Figaro, Liberation, and Radio France are among the plaintiffs. 

They argue that Meta’s ad dominance is built on practices that undermine fair competition and jeopardise the sustainability of traditional media.

The French case adds to mounting pressure across the EU. In Spain, Meta is due to face trial over a €551 million complaint filed by over 80 media firms in October. 

Meanwhile, the EU regulators fined Meta and Apple earlier this year for breaching European digital market rules, while online privacy advocates have launched parallel complaints over Meta’s data handling.

Legal firms Scott+Scott and Darrois Villey Maillot Brochier represent the French media alliance.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

DeepSeek faces South Korean scrutiny over unauthorised data transfers

South Korea’s data protection authority has flagged serious privacy concerns over the operations of Chinese AI startup DeepSeek, accusing the company of transferring personal data and user-generated content abroad without consent. 

The findings come after a months-long investigation into the company’s conduct following its app launch in the South Korean market earlier this year.

According to the Personal Information Protection Commission, DeepSeek, officially registered as Hangzhou DeepSeek Artificial Intelligence Co. Ltd., failed to obtain user permission before transmitting personal information and AI prompt content to companies based in China and the US. 

This activity reportedly occurred during the app’s availability in local app stores in January.

In a particularly troubling revelation, the commission stated that DeepSeek forwarded user prompts, along with device and network information, to Beijing Volcano Engine Technology Co. Ltd. 

The startup later explained this was part of an effort to enhance user experience, but confirmed it stopped the transfer of such data on 10 April.

As a result, the commission has recommended that DeepSeek delete the previously shared content and immediately secure a lawful framework for any future overseas data transfers. 

Responding indirectly, China’s Foreign Ministry stressed that Beijing does not require companies to collect or store data illegally, asserting its stance amid growing international scrutiny over Chinese firms’ data practices. 

Meanwhile, DeepSeek has yet to respond publicly to the commission’s findings.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK introduces landmark online safety rules to protect children

The UK’s regulator, Ofcom, has unveiled new online safety rules to provide stronger protections for children, requiring platforms to adjust algorithms, implement stricter age checks, and swiftly tackle harmful content by 25 July or face hefty fines. These measures target sites hosting pornography or content promoting self-harm, suicide, and eating disorders, demanding more robust efforts to shield young users.

Ofcom chief Dame Melanie Dawes called the regulations a ‘gamechanger,’ emphasising that platforms must adapt if they wish to serve under-18s in the UK. While supporters like former Facebook safety officer Prof Victoria Baines see this as a positive step, critics argue the rules don’t go far enough, with campaigners expressing disappointment over perceived gaps, particularly in addressing encrypted private messaging.

The rules, part of the Online Safety Act pending parliamentary approval, include over 40 obligations such as clearer terms of service for children, annual risk reviews, and dedicated accountability for child safety. The NSPCC welcomed the move but urged Ofcom to tighten oversight, especially where hidden online risks remain unchecked.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft expands rewards for reporting AI vulnerabilities

Microsoft has announced an expanded bug bounty initiative, offering up to $30,000 for researchers who uncover critical vulnerabilities in AI features within Dynamics 365 and the Power Platform.

The programme aims to strengthen security in enterprise software by encouraging ethical hackers to identify and report risks before cybercriminals can exploit them.

Rather than relying on general severity scales, Microsoft has introduced an AI-specific vulnerability classification system. It highlights prompt injection attacks, data poisoning during training, and techniques like model stealing and training data reconstruction that could expose sensitive information.

Highest payouts are reserved for flaws that allow attackers to access other users’ data or perform privileged actions without their consent.

The company urges researchers to use free trials of its services, such as PowerApps and AI Builder, to identify weaknesses. Detailed product documentation is provided to help participants understand the systems they are testing.

Even reports that don’t qualify for a financial reward can still lead to recognition if they result in improved defences.

The AI bounty initiative is part of Microsoft’s wider commitment to collaborative cybersecurity. With AI becoming more deeply integrated into enterprise software, the company says it is more important than ever to identify vulnerabilities early instead of waiting for security breaches to occur.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ubisoft under fire for forcing online connection in offline games

French video game publisher Ubisoft is facing a formal privacy complaint from European advocacy group noyb for requiring players to stay online even when enjoying single-player games.

The complaint, lodged with Austria’s data protection authority, accuses Ubisoft of violating EU privacy laws by collecting personal data without consent.

Noyb argues that Ubisoft makes players connect to the internet and log into a Ubisoft account unnecessarily, even when they are not interacting with other users.

Instead of limiting data collection to essential functions, noyb claims the company contacts external servers, including Google and Amazon, over 150 times during gameplay. This, they say, reveals a broader surveillance practice hidden beneath the surface.

Ubisoft, known for blockbuster titles like Assassin’s Creed and Far Cry, has not yet explained why such data collection is needed for offline play.

The complainant who examined the traffic found that Ubisoft gathers login and browsing data and uses third-party tools, practices that, under GDPR rules, require explicit user permission. Instead of offering transparency, Ubisoft reportedly failed to justify these invasive practices.

Noyb is calling on regulators to demand deletion of all data collected without a clear legal basis and to fine Ubisoft €92 million. They argue that consumers, who already pay steep prices for video games, should not have to sacrifice their privacy in the process.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ransomware decline masks growing threat

A recent drop in reported ransomware attacks might seem encouraging, yet experts warn this is likely misleading. Figures from the NCC Group show a 32% decline in March 2025 compared to the previous month, totalling 600 incidents.

However, this dip is attributed to unusually large-scale attacks in earlier months, rather than an actual reduction in cybercrime. In fact, incidents were up 46% compared with March last year, highlighting the continued escalation in threat activity.

Rather than fading, ransomware groups are becoming more sophisticated. Babuk 2.0 emerged as the most active group in March, though doubts surround its legitimacy. Security researchers believe it may be recycling leaked data from previous breaches, aiming to trick victims instead of launching new attacks.

A tactic like this mirrors behaviours seen after law enforcement disrupted other major ransomware networks, such as LockBit in 2024.

Industrials were the hardest hit, followed by consumer-focused sectors, while North America bore the brunt of geographic targeting.

With nearly half of all recorded attacks occurring in the region, analysts expect North America, especially Canada, to remain a prime target amid rising political tensions and cyber vulnerability.

Meanwhile, cybercriminals are turning to malvertising, malicious code hidden in online advertisements, as a stealthier route of attack. This tactic has gained traction through the misuse of trusted platforms like GitHub and Dropbox, and is increasingly being enhanced with generative AI tools.

Instead of relying solely on technical expertise, attackers now use AI to craft more convincing and complex threats. As these strategies grow more advanced, experts urge organisations to stay alert and prioritise threat intelligence and collaboration to navigate this volatile cyber landscape.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

BMW partners with DeepSeek for in-car AI features

BMW has announced plans to integrate AI developed by China’s DeepSeek into its vehicles sold in the Chinese market.

The announcement was made by CEO Oliver Zipse during the Shanghai Auto Show, aligning BMW with local brands such as Geely and Zeekr that have adopted similar AI technologies.

The DeepSeek-R1 model has been increasingly used across Chinese automotive sector to power intelligent cockpit systems, voice controls, and driving assistance.

Geely showcased its ‘Full-Domain AI for Smart Vehicles’, which includes AI-powered chassis control and driver interaction capabilities.

DeepSeek’s influence extends beyond automotive applications, with its technology now used in Chinese courtrooms, healthcare, and customer service.

A successor model, DeepSeek-R2, is expected soon and promises multilingual reasoning and enhanced coding capabilities, rivalling Western counterparts.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

SK Telecom investigates data breach after cyberattack

South Korean telecom leader SK Telecom has confirmed a cyberattack that compromised customer data following a malware infection.

The breach was detected on 19 April, prompting an immediate internal investigation and response. Authorities, including the Korea Internet Security Agency, have been alerted.

Personal information of South Korean customers was accessed during the attack, although the extent of the breach remains under review. In response, SK Telecom is offering a complimentary SIM protection service, hinting at potential SIM swapping risks linked to the leaked data.

The infected systems were quickly isolated and the malware removed. While no group has claimed responsibility, concerns remain over possible state-sponsored involvement, as telecom providers are frequent targets for cyberespionage.

It is currently unknown whether ransomware played a role in the incident. Investigations are ongoing as officials continue to assess the scope and origin of the breach.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Baidu rolls out new AI agent Xinxiang for Android

Chinese tech giant Baidu has launched a new AI agent, Xinxiang, aimed at enhancing user productivity by assisting with tasks such as information analysis and travel planning.

The tool is currently available on Android devices, with an iOS version still under review by Apple.

According to Baidu, Xinxiang represents a shift from traditional chatbot interactions towards a more task-focused AI experience, providing streamlined assistance tailored to practical needs.

The move reflects growing competition in China’s rapidly evolving AI market.

However, the launch highlights Baidu’s ambition to stay ahead in AI innovation and offer tools that integrate seamlessly into everyday digital life.

As regulatory reviews continue, the success of Xinxiang may depend on user adoption and the speed at which it becomes available across platforms.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

JusticeLink breach leads to arrest in Sydney

A man has been charged following a serious cyberattack on JusticeLink, New South Wales’ largest online court-filing system.

Authorities say more than 9,000 files were illegally downloaded over a two-month period, although no personal data appears to have been compromised. The breach was first detected in March, prompting an immediate shutdown of the suspect’s account.

JusticeLink handles sensitive legal documents for over 400,000 cases annually. The 38-year-old suspect, arrested in Maroubra, Sydney, now faces charges of unauthorised access and misuse of a carriage service to cause harm. Two laptops were seized during the arrest.

Officials have reassured the public that the system is now secure, with no indication that personal information was leaked or found online.

Acting Attorney-General Ron Hoenig confirmed that people under court protection orders were not exposed to heightened risk. The man is expected to appear in Waverley Court on Thursday.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!