Sustainable development

Brazil study maps age assurance practices across 25 digital services

A new study by CGI.br and NIC.br examines how digital services in Brazil implement age assurance measures. Presented in Brasília during an event on the Digital Child and Adolescent Statute (ECA Digital), the study reviewed 25 popular online services used by children and adolescents.

The study found that most of the services analysed do not apply age checks at the point of registration, including some platforms aimed at adults. According to the release, age assurance usually appears later, when users try to access specific features such as livestreaming or monetisation.

Titled ‘Age assurance practices in 25 digital services used by children in Brazil’, the study analysed governance documents published before the ECA Digital entered into force. From 18 March, the law requires information-society services aimed at children and adolescents in Brazil, or likely to be accessed by them, to adopt effective age-assurance measures and parental supervision.

The study found that 11 of the 25 platforms relied on third-party age-assurance services, particularly social media and generative AI platforms. Official identity document submission was the most common verification method, while selfie-based checks were the most common age-estimation tool. Differences were also found between the minimum ages stated by services and those listed in app stores, and some adult-oriented platforms could still be accessed by younger users with parental consent.

Parental supervision tools were available in 15 of the 25 services, but activation was usually optional and depended on parents or guardians. Transparency also emerged as a weakness: only six services published Brazil-specific reports, and only one explained how its minimum-age policy was applied. Policies were often spread across multiple pages, averaging 22 pages per service, and around 40% of the services provided related information in other languages.

Fábio Senne, General Research Coordinator at Cetic.br | NIC.br, said: ‘One of the study’s central aims was to verify the integrity of the information made available by digital services in Brazil. It is essential that data on age protection be communicated clearly and accessibly, allowing more informed and effective parental supervision.’

Juliana Cunha, manager of the Digital Public Policy Advisory Office at CGI.br | NIC.br, said: ‘This survey was developed to support the debate on implementation of the ECA Digital and to offer a clear understanding of the current landscape. This initiative forms part of a broader set of actions by CGI.br and NIC.br aimed at providing technical evidence to support effective enforcement of the law. Our commitment is to foster a safer and more responsible digital ecosystem for children and adolescents in Brazil.’

The release says the study used as a methodological reference the OECD technical paper ‘Age assurance practices of 50 online services used by children’, published in 2025. Information was collected between 10 and 30 January 2026 from public documents made available by the services in Brazil, totalling 550 pages analysed. The event also marked the launch of TIC Kids Online Brazil 2025, a publication on internet use by children and adolescents aged 9 to 17 in Brazil.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ILO and World Bank paper says GenAI may deepen labour-market divides

A joint working paper by the International Labour Organization (ILO) and the World Bank says generative AI is likely to reshape labour markets globally, but not in the same way across countries.

The paper finds that advanced economies face greater overall exposure, while developing economies may see disruption arrive faster than productivity gains due to weaker digital infrastructure and differences in how work is organised.

Prepared as a background study for the World Development Report 2026, the paper examines labour-market exposure to GenAI across 135 countries, covering about two-thirds of global employment. According to the study, digital infrastructure and job-task composition are among the main factors shaping the distribution of risks and opportunities between advanced and developing economies.

Exposure is highest in advanced economies, especially in clerical and professional occupations. Lower-income countries are less exposed overall, but the paper says structural constraints reduce their ability to benefit from the technology. A central concern is that workers in jobs vulnerable to automation are often already online, even in poorer settings, meaning displacement could happen relatively quickly.

The paper also says many of the jobs most exposed to automation in developing economies are relatively higher-quality roles, including clerical and administrative work that has often provided a route into decent employment, especially for women and young workers. AI-driven automation, the study warns, could narrow those pathways.

Potential gains are also uneven. Many workers in jobs that could benefit from GenAI lack reliable internet access in lower-income settings. The paper adds that the same occupation title can involve different tasks depending on the country, with workers in poorer economies often carrying out fewer non-routine analytical tasks, relying less on computers, and doing more routine or manual work. Such differences reduce the scope for productivity gains from GenAI deployment.

ILO and the World Bank conclude in the paper that GenAI’s labour-market effects will depend not only on the technology itself, but also on digital connectivity, skills, task organisation, labour-market institutions, and social protection. Expanded digital access, stronger skills policies, and better labour protections are presented as necessary if the gains from GenAI are to be shared more broadly.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft expands cloud footprint in Denmark

Microsoft has opened a new data centre region in Denmark, marking a major investment in cloud infrastructure and digital resilience. The Denmark East region spans multiple sites and aims to support secure, local data processing.

The project is expected to boost economic activity, with billions of dollars in projected spending and strong spillover effects for local technology firms. Organisations adopting cloud services are likely to rely on domestic partners across IT, cybersecurity, and software development.

Businesses and public sector users will gain access to advanced cloud and AI tools, alongside improved data sovereignty under the EU rules. Local data storage and low-latency services are designed to strengthen compliance and operational efficiency.

Sustainability also plays a central role, with renewable energy use, zero-water-cooling systems, and waste-heat recovery supporting local Danish communities. Broader ambitions include reinforcing digital sovereignty while enabling innovation across industries.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Campaign highlights risks of profit-driven digital platforms

A global campaign led by the Norwegian Consumer Council (NCC) has drawn attention to the decline in quality across digital platforms, a phenomenon widely referred to as ‘enshitification’, in which services deteriorate over time as companies prioritise monetisation over user experience.

The initiative has gained momentum through a viral video and coordinated advocacy efforts across multiple regions.

Inshitification is a term coined by journalist Cory Doctorow that describes a pattern in which platforms initially serve users well, then shift towards extracting value from both users and business partners.

In practice, it often results in increased advertising, paywalls, and reduced functionality, with platforms leveraging user dependence to introduce less favourable conditions.

More than 70 advocacy groups across the EU, the US and Norway have urged policymakers to take stronger action, arguing that declining competition and market concentration allow platforms to degrade services without losing users.

Network effects and high switching costs further limit consumer choice, making it difficult to move to alternative platforms even when dissatisfaction grows.

Existing frameworks, such as the Digital Markets Act and the Digital Services Act, aim to address some of these issues by promoting interoperability, transparency, and accountability.

However, experts argue that enforcement remains too slow and insufficient to deter harmful practices, suggesting that stronger regulatory intervention will be necessary to restore balance between consumers, platforms, and competition in the digital economy.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU investigates cyber attack targeting Commission websites

The European Commission has confirmed a cyber-attack targeting its cloud infrastructure hosting the Europa.eu services, with authorities acting swiftly to contain the incident and prevent disruption to public access.

The attack was identified on 24 March, prompting immediate mitigation measures to secure systems and maintain service continuity.

Preliminary findings indicate that some data may have been accessed from affected websites, although the full scope of the incident remains under investigation.

The Commission has begun notifying the relevant EU entities that may be affected, while continuing efforts to assess the extent of the breach and strengthen safeguards.

Officials confirmed that internal systems were not affected, limiting the overall impact of the attack.

Monitoring efforts remain ongoing, with additional security measures being implemented to protect data and infrastructure, rather than relying solely on existing defences. The Commission has also committed to analysing the incident to improve its cybersecurity capabilities.

The attack comes amid growing cyber and hybrid threats targeting European institutions and critical services.

Existing frameworks, including the NIS2 Directive and the Cyber Solidarity Act, aim to strengthen resilience and coordination across member states, supporting a more unified response to large-scale cyber incidents across the EU.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

VivaCity partners with Nottingham to enhance urban transport using AI

Nottingham City Council has partnered with VivaCity to install over 200 AI-enabled transport sensors across the city. The sensors include ANPR, traffic monitoring, and Smart Signal Control capabilities.

Sensors will collect real-time, anonymous data on vehicle types, pedestrians, and cyclists to inform traffic management decisions. The first Smart Junction at the Ring Road-Aspley Lane will adjust traffic lights according to current conditions.

Funding comes from the Future Transport Zones Fund, for which the Department awarded £16.7 million for Transport. Installation began in February 2023 and will finish by November 2023, with coverage across main routes.

Data from the sensors will feed into a public Data Hub alongside car park and EV charging datasets. Air quality monitors will be added near sensors to help assess correlations between road use and pollution levels.

Sensors will not function as speed cameras and will not record personal information. The technology will be upgraded over time to identify additional vehicle types such as taxis, minibuses, and mobility scooters.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot 

UK regulator targets misleading online reviews in new crackdown

The Competition and Markets Authority has launched new investigations into five companies as part of a wider crackdown on fake and misleading online reviews, targeting practices that shape consumer decisions rather than reflect genuine customer experiences.

The cases involve Autotrader, Feefo, Dignity, Just Eat and Pasta Evangelists across sectors, including car sales, food delivery and funeral services.

CMA is examining whether negative reviews were suppressed, ratings inflated, or incentives offered in exchange for positive feedback without disclosure.

Concerns also extend to moderation practices and whether review systems provide a complete and accurate picture of customer experiences, rather than favouring reputational or commercial interests. No conclusions have yet been reached on whether consumer law has been breached.

Online reviews play a central role in consumer behaviour, influencing significant levels of spending across the UK economy.

Research indicates that a large majority of consumers rely on reviews when making purchasing decisions, raising concerns that misleading content can distort markets and undermine trust, particularly as AI makes it harder to detect fabricated reviews.

The investigations form part of a broader enforcement effort under the Digital Markets Competition and Consumers Act 2024, which introduced stricter rules on fake and misleading reviews.

Authorities aim to improve transparency and accountability across digital platforms, with potential penalties reaching up to 10% of global turnover for companies found to have breached consumer protection laws.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU and Japan strengthen digital partnership in ICT Dialogue

The European Commission and Japan have reinforced their digital cooperation through the 31st the EU–Japan ICT Dialogue held in Tokyo, focusing on advancing shared priorities in emerging technologies instead of pursuing separate national strategies.

A meeting that forms part of the broader EU–Japan Digital Partnership, which aims to deepen collaboration in key areas of the digital economy.

Discussions covered a wide range of topics, including AI, cybersecurity, and secure connectivity infrastructure such as submarine cables and Arctic networks.

Both sides also explored developments in 5G and 6G technologies, alongside emerging solutions like quantum key distribution, highlighting the importance of secure and resilient communication systems in an evolving digital landscape.

The dialogue also emphasised cooperation between the EU AI Office and AI Safety Institute, as well as joint efforts in research, innovation, and international standardisation.

These initiatives aim to align regulatory approaches and technological development rather than create fragmented global frameworks.

By strengthening collaboration across critical digital sectors, the EU and Japan seek to enhance technological resilience and promote secure, interoperable systems.

The ongoing partnership reflects a shared commitment to shaping global digital standards while supporting innovation and economic growth in both regions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Digital divide shapes AI job outcomes

A joint study by the International Labour Organization and the World Bank finds that AI will reshape labour markets unevenly across countries. Research covering 135 economies highlights growing risks for workers as automation expands.

Advanced economies show higher exposure to AI, particularly in clerical and professional roles. Lower-income regions face fewer direct impacts but lack the infrastructure and skills needed to capture productivity gains.

The digital divide plays a central role, with many vulnerable jobs already online and therefore exposed to automation. Workers in roles with potential benefits often lack reliable internet access, limiting opportunities.

The ILO’s findings suggest outcomes depend on infrastructure, skills and job design rather than technology alone. Policymakers are urged to improve connectivity, training and social protections to spread benefits more evenly.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

IAPP updates US state breach notification resource as legal differences persist

The International Association of Privacy Professionals (IAPP) has updated its US State Breach Notification Chart, a resource that summarises state breach notification laws across the United States. In an analysis published on 26 March, the IAPP says the revised chart highlights both nationwide coverage and continuing variation in how states define personal information, apply harm thresholds, and trigger reporting duties.

According to the IAPP, all 50 states, the District of Columbia, Guam, Puerto Rico, and the US Virgin Islands now have breach notification laws. California enacted the first state law in 2002, which took effect in 2003, while Alabama was the last state to adopt such a law in 2018. The IAPP says the result is a de facto nationwide framework, but one marked by significant differences across jurisdictions.

A central point in the analysis is that breach notification laws generally use a narrower definition of personal information than more recent comprehensive privacy laws. The IAPP says the original purpose of breach notification was to alert people to the risks of identity theft and financial fraud after a data breach, so laws tend to focus on identifiers such as names combined with Social Security numbers, driver’s licence details, or financial account credentials.

The article contrasts narrower statutes with broader ones. Hawaii’s law is described as among the narrowest, while Illinois and California are presented as having broader definitions that can extend to medical information, health insurance details, biometric data, genetic data, and, in California’s case, some automated licence plate recognition data.

Even so, the IAPP says many state breach laws still do not cover large categories of digital information, such as browsing history, cookie data, IP addresses, cell phone numbers, purchasing records, or complete financial transaction histories where account credentials were not compromised.

Exemptions and scope also vary. The IAPP says most breach notification laws apply broadly to businesses and often to nonprofit organisations, while privacy laws tend to contain more exclusions. The article notes that some states cover state and local government entities directly, while California has a separate breach notification law for governmental bodies. The IAPP also says its chart is focused on laws applicable to the private sector.

Encryption safe harbours appear across the state laws, according to the analysis, with some states also recognising redaction or other protections that render data unreadable or unusable. Attorney general notification requirements also differ. The IAPP says 34 state laws require notice to the state attorney general once certain thresholds are met, with thresholds ranging from 250 affected residents in North Dakota and Oregon to 1,000 in many other states, while some states, such as Connecticut and New York, require notice regardless of the number affected.

Harm thresholds are another area of divergence. The IAPP says about 30 state laws include a harm standard, meaning notice may not be required unless the breach caused, or is likely to cause, harm to affected individuals.

The article describes substantial differences in wording across states, with some referring to ‘reasonable likelihood’ of harm, others to ‘material risk,’ ‘substantial economic loss,’ or misuse of the data, while some states, including California, Georgia, Illinois, Massachusetts, Minnesota, North Dakota, and Texas, require no harm showing at all.

The practical effect, the IAPP argues, is that organisations holding data on residents of multiple states face a complex compliance problem. A data element that triggers notice in one state may not do so in another, and the article says reconciling the different harm standards is effectively impossible. The analysis notes that some organisations may decide to notify if there is doubt, while others may choose to notify only where clearly required.

The IAPP concludes that the absence of a preemptive federal breach notification law leaves entities to navigate overlapping but inconsistent state rules. Its updated chart is presented as a tool to help practitioners track those differences and build awareness of how US state breach notification laws continue to evolve.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.