IWF challenges misconceptions about child abuse detection technologies

The Internet Watch Foundation (IWF) has published a new analysis aimed at countering what it describes as persistent misconceptions about technologies used to detect child sexual abuse material (CSAM) online.

According to the organisation, public discussions increasingly focus on privacy and surveillance concerns while overlooking the role these technologies play in identifying and removing illegal content at scale.

The article argues that detection tools are not experimental technologies but rather adaptations of established cybersecurity methods already used throughout the digital ecosystem.

The IWF highlights hash matching technologies, which compare the mathematical signatures of files against databases of known illegal content, as a long-established and widely used approach to content detection.

The IWF stresses that these systems do not involve mass surveillance and do not require access to the contents of private communications.

The organisation also points to perceptual hashing technologies such as PhotoDNA, which can identify known abuse images even when files have been modified or resized. Similar approaches are commonly used in cybersecurity for malware detection, phishing prevention and file verification.

According to the IWF, the principles behind child protection technologies are therefore consistent with existing online security practices.

The article further argues that no single technology can effectively address the challenge of child sexual abuse material online. Instead, platforms require multiple layers of protection, including known-content detection, identification of previously unknown material, behavioural analysis, reporting mechanisms and human moderation.

The IWF warns that limiting detection capabilities would reduce the ability of platforms and law enforcement authorities to identify abuse and protect victims.

Why does it matter?

The publication contributes to an increasingly important policy debate over how to balance privacy, encryption and child protection online. As governments consider new online safety laws and content moderation requirements, questions about whether detection technologies constitute surveillance have become central to discussions involving regulators, technology companies and civil society groups.

The IWF’s intervention also highlights a broader governance challenge. While privacy advocates warn against measures that could weaken encryption or expand monitoring, child protection organisations argue that effective detection capabilities remain essential for identifying abuse, removing illegal content and supporting law enforcement investigations. The outcome of these debates could shape future approaches to online safety, platform accountability and digital rights worldwide.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Canada seeks stronger privacy rights through new digital governance law

The Canadian government has introduced the Protecting Privacy and Consumer Data Act, a major legislative proposal designed to modernise the country’s private-sector privacy framework and strengthen protections in an increasingly AI-driven digital environment.

According to the government, Canada’s existing privacy legislation was developed more than 25 years ago and no longer reflects technological realities such as AI, automated decision-making systems, deepfakes and the large-scale collection of children’s data.

The proposed law seeks to address those challenges by establishing stronger rights for individuals and clearer obligations for organisations.

The legislation would recognise privacy as a fundamental right, strengthen protections for children’s data, require meaningful consent for the collection and use of personal information, and introduce greater transparency around automated decision-making.

Canadians would also gain the right to request the deletion of their personal information and benefit from enhanced safeguards when their data is transferred outside Canada.

The proposed framework would be overseen by a newly established Digital Safety and Data Protection Commission of Canada.

The regulator would have authority to issue binding orders and impose significant penalties on organisations that fail to comply with privacy requirements. The government describes the legislation as a key component of its recently launched national AI strategy, aimed at strengthening trust in digital services, data-driven innovation and emerging technologies.

Why does it matter?

The proposed legislation represents one of Canada’s most significant privacy reforms in decades and reflects a broader international trend of updating data protection frameworks for the AI era. As AI systems, automated decision-making tools and digital platforms become more deeply embedded in everyday life, governments are seeking stronger safeguards for personal data, transparency and accountability.

The bill also signals a growing convergence between privacy policy and AI governance. By introducing stronger protections for children’s data, new rights for individuals and greater oversight of automated systems, Canada is positioning privacy as a key foundation for public trust in digital services and emerging technologies.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Canadian government announces briefing on new privacy legislation

Innovation, Science and Economic Development Canada (ISED) has announced that government officials will hold a technical briefing for the media on a proposed bill titled ‘An Act to enact the Protecting Privacy and Consumer Data Act‘.

The briefing is scheduled for 15 June 2026 and is expected to provide technical information about the proposed legislation. The event will take place at the National Press Theatre and will also be accessible online through a Zoom link provided by the Canadian Parliamentary Press Gallery.

According to ISED, participation in the question-and-answer session will be restricted to accredited members of the Parliamentary Press Gallery. Media organisations that are not members can request temporary access.

The media advisory does not provide details about the substance of the proposed legislation beyond its title and the logistical arrangements for the briefing. The event will be held in Ottawa, Canada.

Why does it matter?

Privacy and consumer data protection remain central issues in digital governance as governments seek to balance innovation, economic growth and the protection of personal information. New legislation in this area could affect how organisations collect, use and manage consumer data, as well as the rights available to individuals.

Although details of the proposed bill have not yet been released, the legislation could signal the next phase of Canada’s approach to privacy regulation and data governance. Any reforms may have implications for businesses, digital services providers and consumers operating within Canada’s increasingly data-driven economy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

New federated learning approach highlights shift towards decentralised and privacy-preserving AI

Researchers at MIT have developed a new method that significantly improves privacy-preserving AI training on everyday devices such as smartphones, sensors, and smartwatches.

The approach strengthens federated learning systems, where data remains on devices while models are trained collaboratively, supporting sensitive applications such as healthcare and finance.

The new framework, called FTTE (Federated Tiny Training Engine), addresses long-standing issues in federated learning networks with uneven device capabilities. Traditional systems struggle with delays from limited memory, weak connectivity and slow update cycles, reducing network efficiency and performance.

FTTE improves the process by sending smaller model segments to devices, introducing asynchronous updates and weighting contributions based on freshness. These changes reduce memory load and communication demands while maintaining stable training across heterogeneous devices.

Testing across simulated and real device networks showed training speeds improved by around 81 percent, with major reductions in memory and data transfer requirements.

Researchers also highlighted the potential to expand AI access in regions with lower-end hardware, while future work will focus on further personalising models for individual devices.

Why does it matter? 

Decentralised AI training marks a shift away from dependence on centralised data centres towards distributed intelligence embedded in everyday devices.

That changes the architecture of AI itself, allowing sensitive data to remain local and reducing privacy risks. At the same time, computation is spread across billions of low-power devices rather than concentrated in a few powerful systems.

The researchers note that such approaches may enable AI training on devices with limited memory and connectivity.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI privacy model sets new standard for AI-data protection

The US R&D company, OpenAI, has introduced OpenAI Privacy Filter, a specialised AI system designed to detect and redact personally identifiable information in text with high accuracy.

A model that is part of broader efforts to strengthen privacy-by-design practices in AI development, offering developers a practical tool to embed data protection directly into workflows rather than relying on external processing systems.

Unlike traditional rule-based systems, the model applies contextual language understanding to identify sensitive information in unstructured text. It processes inputs in a single pass and supports long-context analysis, enabling efficient handling of large documents.

Local deployment further reduces exposure risks, allowing sensitive data to remain on-device rather than being transmitted to external servers.

Performance benchmarks indicate near frontier-level capability, with strong precision and recall scores across standard evaluation datasets.

The system detects multiple categories of private data, including personal identifiers, financial information, and confidential credentials, while allowing developers to fine-tune detection thresholds according to operational requirements.

Despite its capabilities, the model is positioned as one component within a wider privacy framework instead of a standalone compliance solution.

Human oversight remains necessary in high-risk domains such as legal or financial processing.

Such a release by OpenAI reflects a shift towards smaller, specialised AI systems designed to address targeted challenges in real-world deployments while maintaining adaptability and transparency.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Canada reviews Privacy Act to modernise data protection and digital governance

The Government of Canada has launched a formal review of the Privacy Act, opening a broader effort to modernise how the federal public sector governs personal data in an increasingly digital administrative environment.

Led by the Treasury Board of Canada Secretariat and announced by Shafqat Ali, President of the Treasury Board, the process will reassess how more than 250 government institutions collect, use, share, and protect personal information.

The review places particular emphasis on improving how data is managed across government programmes, with reform proposals focused on more secure information-sharing, less duplication, and greater accuracy in public administration. Canadian authorities say the aim is to introduce designated official data sources while ensuring that any reuse of personal information serves individuals directly or delivers a clear public benefit.

The process also points to more structural changes, including recognising privacy as a fundamental right and aligning legal definitions more closely with international standards. It is further intended to harmonise procedures for accessing personal information and to update the federal privacy framework to support a more connected digital state.

Consultations will continue through mid-2026, with feedback expected to feed into a final report in winter 2026–27. Taken together, the review suggests that Canada is rethinking how privacy protection, public-sector data sharing, and institutional accountability should operate in a modern digital governance system.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Amnesty International warns EU tech law reforms could weaken GDPR and AI Act protections

Amnesty International has warned that proposed EU reforms presented as a way to simplify digital regulation and boost competitiveness could weaken core safeguards for privacy and fundamental rights.
At the centre of the concern is the European Commission’s ‘Digital Omnibus’ initiative, which would affect major pieces of legislation, including the General Data Protection Regulation and the AI Act.

Amnesty and other civil society groups argue that the package risks reopening key protections in the EU’s digital rulebook under the banner of regulatory simplification.

Among the most controversial proposals are changes to how personal data is defined, along with exceptions that could make it easier for companies to retain or reuse data for AI systems. Critics say that such changes would weaken safeguards intended to limit excessive data collection and to preserve accountability in how personal information is processed.

Concerns also extend to the AI Act, where proposed adjustments could reduce obligations for high-risk systems. According to Amnesty, companies may be given greater discretion in how they assess and disclose risks, potentially lowering transparency and limiting external scrutiny.

Delays in implementation, the organisation argues, could also allow harmful systems to remain in use without full regulatory oversight.

The broader reform agenda may reach beyond privacy and AI rules. Future ‘fitness checks’ could also affect frameworks such as the Digital Services Act and the Digital Markets Act, raising wider concerns about whether the EU’s digital regulatory model is being softened in the name of competitiveness.

For critics, the cumulative risk is that the balance of the EU digital framework could begin to shift away from rights protection and public accountability, and towards greater corporate flexibility in areas linked to surveillance, discrimination, and market power.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU child safety rules lapse amid ongoing debate over privacy and enforcement

The European Union has been unable to reach an agreement on extending temporary rules that allow online platforms to detect child sexual abuse material, leaving the current framework set to expire in April.

Discussions between the European Parliament and the Council of the European Union concluded without reaching a consensus on how to proceed with such measures.

The existing rules permit technology companies to voluntarily scan their services for harmful content, supporting efforts to identify and remove illegal material.

The European Commission had proposed a temporary extension while negotiations continue on a permanent framework under the Child Sexual Abuse Regulation, but differing views on scope and safeguards prevented agreement.

Stakeholders across sectors have highlighted the importance of maintaining effective tools to address online harms, while also emphasising the need to respect fundamental rights.

Previous periods of legal uncertainty have shown that detection capabilities may be affected when such frameworks are absent, although assessments of effectiveness remain subject to ongoing debate.

At the same time, concerns have been raised regarding the broader implications of monitoring digital communications. Some perspectives stress that any approach should carefully consider privacy protections, particularly in relation to secure and encrypted services.

Attention now turns to ongoing negotiations on a long-term regulatory solution.

The outcome will shape how the EU approaches the challenge of addressing harmful online content while safeguarding rights and ensuring proportional and transparent enforcement.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU calls on US tech firms to respect rules on handling staff data

Concerns over data protection have intensified as the European Commission calls on major technology companies to apply the EU standards when handling sensitive staff information linked to digital regulation.

Pressure follows requests from the US House Judiciary Committee seeking access to communications between US firms and the EU officials involved in enforcing laws such as the Digital Services Act and Digital Markets Act.

The EU officials emphasise that formal exchanges with companies take place through official channels, including documented correspondence, rather than informal messaging platforms. Internal communication practices may involve encrypted tools, reflecting growing concerns about data security and external scrutiny.

Debate surrounding the issue reflects wider tensions between the EU and the US over digital governance, privacy protections and regulatory authority. Questions over jurisdiction and access to sensitive communications are likely to remain central as transatlantic tech policy evolves.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU privacy watchdogs warn over US plans to expand traveller data collection

European privacy authorities have raised concerns about proposed changes to the Electronic System for Travel Authorisation that could require travellers to the US to disclose extensive personal information, including social media activity.

The European Data Protection Board, which coordinates national data protection authorities across the EU, sent a letter to the European Commission asking whether the institution plans to intervene or respond to the updated requirements.

A proposal that would apply to visitors entering the US through the visa-waiver programme for short stays of up to 90 days.

Under the proposed changes, travellers may be required to provide details about their social media accounts covering the previous five years.

Authorities could also request personal data about family members, including addresses, phone numbers and dates of birth, information that privacy regulators argue is unrelated to travel authorisation.

Watchdogs also questioned how EU citizens could exercise their data protection rights once such information is transferred to US authorities, particularly regarding storage periods and potential misuse.

Parallel negotiations between the EU and the US have also attracted attention.

Discussions around a potential Enhanced Border Security Partnerships framework could allow US authorities to seek access to biometric databases held by European countries, including facial scans and fingerprint records.

European privacy regulators warned that such measures could raise significant concerns regarding fundamental rights and personal data protection for travellers from the EU.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!