United Kingdom
Compensation company fined £90,000 for unlawful marketing calls
- AFK Letters Co Ltd (AFK), a company which writes letters seeking compensation and refunds for its customers, has been fined £90,000 by the Information Commissioner’s Office (ICO) for making over 95,000 unsolicited marketing calls to individuals registered with the Telephone Preference Service (TPS).
- Between January and September 2023, AFK used data collected through its own website and a third-party telephone survey company to make 95,277 marketing calls, without being able to demonstrate valid and specific consent from the individuals contacted.
- ICO’s investigation found that AFK failed to comply with Regulation 21 of the Privacy and Electronic Communications Regulations (PECR), which requires organisations to have clear, informed and specific consent before making unsolicited direct marketing calls.
- Andy Curry, Interim Director of Enforcement and Investigations at the ICO, said: “This fine should serve as a clear warning to and learning for other organisations: if you cannot demonstrate valid consent for people on the Telephone Preference Service, you should not be contacting people. If people are being asked for consent to be contacted, it should be absolutely clear what this is for.”
WhatsApp defends ‘optional’ AI tool that cannot be turned off
- WhatsApp has introduced a new AI chatbot feature powered by Meta’s Llama 4 model, which it claims is “entirely optional,” despite the fact that users cannot remove it from the app.
- This feature is being rolled out gradually in select countries, with Meta noting it might not yet be available to all users, even within the same country.
- The feature has attracted public criticism, with Dr. Kris Shrishak, an AI and privacy adviser, accusing Meta of exploiting its user base and using people as “test subjects” for AI. “Now that the legality of their approach has been challenged in courts, Meta is looking for other sources to collect data from people, and this feature could be one such source,” he said.
- The ICO has stated that it will continue to monitor Meta’s use of AI technology and personal data within WhatsApp, emphasising that organisations must comply with data protection laws, especially when using personal data for AI development.
United States
US lawmakers subpoena China telecom giants over security concerns
- On April 23rd, in a bipartisan effort, the House of Representatives’ select congressional committee on China used its rarely exercised subpoena powers to compel China Mobile, China Telecom, and China Unicom to answer questions about whether they could exploit access to American data through their U.S. cloud and internet businesses.
- This action was part of the committee’s broader investigation into the alleged support of China’s three telecom giants for the Chinese military and government.
- Democratic and Republican lawmakers have expressed continuous concerns over the Chinese telecoms’ U.S. operations following several high-profile Chinese-led cyberattacks, including Volt Typhoon, which the FBI said has allowed China to gain access to American telecommunications, energy, water and other critical infrastructure.
- Beijing has denied responsibility for those attacks. A spokesperson for China’s embassy in Washington said in a statement: “We oppose the U.S. over-stretching the concept of national security, using national apparatus and long-arm jurisdiction to bring down Chinese companies.”
Europe
Ubisoft Game Faces £79m Fine as Privacy Experts Uncover Hidden Data Harvesting
- Noyb, a European digital rights organisation (founded by Max Schrems), has accused French video game developer Ubisoft of illegally harvesting player data without consent, claiming a lack of valid legal basis for processing personal data under Article 6(1) GDPR.
- The group is seeking a £79 million fine and the deletion of the allegedly unlawfully collected data, as outlined in a complaint filed with the Austrian data protection authority on April 24, 2025.
- The complaint highlights that Ubisoft forces players to connect to the internet to launch single-player games with no online features, such as Far Cry Primal and Assassin’s Creed Shadows, enabling the collection of gaming behaviour data such as playtime, start and end times.
- The encrypted nature of Ubisoft’s data transfers prevents players from knowing exactly what data is shared, raising privacy concerns. One Far Cry Primal user noticed the game pinged external servers (including Amazon and Google) 150 times in 10 minutes.
- Ubisoft has previously faced similar allegations. In 2024, a class-action lawsuit accused the company of sharing Ubisoft Store user data with Meta through a tracking pixel without consent. However, the case was dismissed by a California judge in April 2025, who ruled that sufficient user consent disclosures were provided.
- If upheld, Noyb’s complaint may set a precedent for the gaming industry, potentially rippling across publishers such as EA and Activision, which also rely on online features.
China’s data protection rules prompt pause from major European research funders
- Several of Europe’s major funders of scientific collaboration with China, particularly in fields such as viruses and air quality, have suspended bilateral research programs due to concerns over China’s data protection laws.
- China’s ‘Data Security Law’ prohibits sharing “important data” with foreign entities without approval, but the definition of “important data” remains unclear, raising concerns for international collaborations. China has defined “important data” as that which poses a threat to China’s national and economic interests or affects the rights of individuals or organisations. However, no detail has been provided beyond this.
- The Swiss National Science Foundation stated that it’s difficult to assess when research collaborations could face sanctions or penalties, as the definition of “important data” lacks clarity, and additional security clearance from China’s Cyberspace Administration is required for exporting such data.
- Since the law’s enactment in 2021, three major European funding agencies—the German Research Foundation, Swedish Research Council, and Swiss National Science Foundation—have refrained from co-funding projects with China’s National Natural Science Foundation, citing potential conflicts with local data laws and legal risks.
International
DeepSeek available to download again in South Korea after suspension
- Chinese artificial intelligence service DeepSeek has become available again on the South Korean app market today for the first time in about two months; downloads had previously been suspended after authorities cited breaches of data protection laws.
- South Korea’s Personal Information Protection Commission (PIPC) said that DeepSeek transferred user data and prompts without permission when the service first launched in South Korea in January.
- “We process your personal information in compliance with the Personal Information Protection Act of Korea,” DeepSeek said in a revised privacy policy note on the app. DeepSeek said that users have the option to refuse to allow the transfer of personal information to several companies in China and the United States.
Nigerian tribunal upholds $220 million fine against Meta for violating consumer, data laws
- A $220 million (~£164,785,367) fine against Meta for violating local consumer, data protection and privacy laws, issued by Nigeria’s competition authority, has been upheld following an unsuccessful appeal.
- Nigeria’s Federal Competition and Consumer Protection Commission (FCCPC) fined Meta last July for discriminatory and exploitative practices against Nigerian consumers, compared with other jurisdictions with similar regulations.
