United Kingdom
UK demands access to Apple users’ encrypted data
- The UK Home Office has served a notice under the Investigatory Powers Act to Apple demanding to be able to access encrypted data stored by Apple users worldwide in its cloud service through its Advanced Data Protection method (ADP). Currently only the Apple account holder can access data stored in this way, with not even Apple itself being able to see it.
- It is strongly believed the move is backed by reasons of national security. It sparked backlash from privacy activists such as Privacy International and Big Brother Watch, referring to it as an “unprecedented attack” on the private data of individuals.
- Previously, Apple has said it would pull security services from the UK market rather than weakening them by creating “back doors” to grant the authorities access to user data on demand. Although Apple can appeal against the demand, they cannot delay implementing the ruling during the process even if it is eventually overturned, according to the legislation.
- As of now it is still unclear how Apple will proceed in relation to the notice.
Direct marketing advice generator makes it easy for organisations to comply with the law
- The ICO has announced the launch of a free online tool to help organisations ensure their direct marketing activities comply with PECR the UK GDPR.
- It is a direct marketing advice generator aimed at giving small organisations compliance advice tailored to their own direct marketing activities.
- The tool covers email, SMS, direct mail, social media, telemarketing and more, making it quicker and easier for small organisations to access the right advice for different types of direct marketing.
United States
19 states sue to stop DOGE from accessing Americans’ personal data
- Nineteen Democratic attorneys general sued President Donald Trump to stop Elon Musk’s Department of Government Efficiency (DOGE) from accessing Treasury Department records that contain sensitive personal data such as Social Security and bank account numbers for millions of Americans.
- Musk’s DOGE was created to eliminate what the Trump administration considers as wasteful government spending. The lawsuit accuses Treasury Secretary Scott Bessent of changing the department’s policy for protecting sensitive and financial data to allow Musk’s DOGE team access to its payment systems, failing to account for data protection obligations and ignoring the privacy expectations of federal fund recipients.
- The states involved in the lawsuit are Arizona, California, Colorado, Connecticut, Delaware, Hawaii, Illinois, Maine, Maryland, Massachusetts, Minnesota, Nevada, New Jersey, New York, North Carolina, Oregon, Rhode Island, Vermont, and Wisconsin.
Europe
OpenAI launches data residency in Europe
- OpenAI has launched its data residency in Europe, allowing European organizations to meet local data sovereignty requirements while using the company’s products.
- This is to strengthen compliance with European local privacy and data protection laws. Previously, OpenAI has been a focus of European data regulators for alleged noncompliance, with countries like Spain, Germany and Italy conducting investigations into ChatGPT’s data processing practices.
- According to OpenAI, with European data residency enabled, API requests will be handled in-region by OpenAI with zero data retention, meaning that AI model requests and responses won’t be stored at rest on the company’s servers. When switched on for ChatGPT, customer information including conversations with ChatGPT, user prompts, images, uploaded files, and custom bots will be stored at rest in the region.
Paris AI summit draws world leaders and CEOs eager for lighter regulation
- Paris is hosting the AI Summit between February 10th and 11th , gathering world leaders and technology executives to discuss how to safely embrace AI while finding a balance between regulation and innovation.
- As US President Donald Trump tears up Joe Biden’s previous AI guardrails to promote US competitiveness, pressure has built on the European Union to pursue a lighter-touch approach to AI to help keep European firms in the tech race.
- French President Emmanuel Macron has hopes flexibility will be applied to the bloc’s new AI Act to help homegrown startups, a view supported by tech companies. However, this view is not unanimous. AI safety activists worry about pressures from the US to weaken existing protections in the EU AI Act despite AI’s risks for deception and self-preservation (among other concerns), while labour leaders expressed concerns on the impact of AI on workers.
- For more details on the wider range of topics to be discussed in the summit, this follow-up article is quite comprehensive: https://www.euronews.com/next/2025/02/10/paris-ai-summit-from-deepseek-to-europes-path-heres-everything-you-need-to-know
International
Which countries have banned DeepSeek and why?
- Over the past week, government agencies in several countries are seeking or enacting bans on DeepSeek’s AI programme for their employees.
- Common arguments include “security concerns” about the Chinese technology and a lack of clarity about how users’ personal information is handled by the operator.
- There is a strong concern on how data collected by Chinese platforms could be used to support government espionage, to influence operations, or for surveillance purposes. Examples include:
- US: US lawmakers are planning to introduce a government bill to block DeepSeek from government-owned devices. Agencies enacting separate bans so far include NASA and the US Navy.
- South Korea: the Ministry of Trade, Industry and Energy announced a temporary prohibition of DeepSeek on employees’ devices, while Seoul’s Personal Information Protection Commission is requesting DeepSeek for details about how the personal information of users is managed.
- Australia: a general DeepSeek ban was mandated for all government agencies by the secretary of the Department of Home Affairs, citing the protection of Australia’s national security and interests.
- Italy: the Italian Data Protection Authority (Garante) announced that it had ordered “the limitation on processing of Italian users’ data” by DeepSeek because of the lack of information about how DeepSeek might use personal data provided by users.
- Taiwan: On February 3rd, Taiwan blocked government departments from using DeepSeek programmes, also blaming security risks.
