Hello all, and happy Thursday!
Apple has been “secretly” ordered to create a backdoor that would give UK officials access to users’ encrypted iCloud backups.
Apple device users have the option to enable Advanced Data Protection, a feature that turns on end-to-end encryption, effectively blocking out third-party access (such as the UK and other governments, hackers, etc.) and even access from Apple itself.
Seeking to circumvent this protection, the UK government served Apple this order under the Investigatory Powers Act. The act also makes it illegal to reveal that you were served such an order. Obviously, in this case, the order was leaked.
But that begs the question: How often are such orders effectively kept under wraps? How often are they acted upon?
End-to-end encryption is the preferred method of digital communication for privacy-conscious individuals. Had this order not been leaked, however, Apple users would have no idea that enabling Advanced Data Protection amounts to little more than plugging a leaky boat with scotch tape.
Apple hasn’t commented on whether or not it has complied yet, but it has a long history of resisting such orders. The question is whether the next Big Tech company feels so strongly about user privacy.
Best,
Arlo
Highlights from Osano
What's New?
Blog: Introducing Osano's Ask a Privacy Pro Series
There's a lot of uncertainty out there in the world of data privacy. Now, there's a little less.
Osano's Ask a Privacy Pro video series gives you the answers you've been seeking.
Blog: 2 Major Obstacles Privacy Newbies Face (and How to Overcome Them)
Whether you’re fresh out of college and starting a privacy career or you’ve recently had privacy added to your list of responsibilities, odds are you’ll face these two challenges.
In Case You Missed It...
Blog: Don’t Mess with Texas: The First Lawsuit Under a State Data Privacy Law
In a national first, Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its subsidiaries for violating the Texas Data Privacy and Security Act (TDPSA). It could be a signal of more data privacy enforcement in the US in 2025.
Upcoming Webinars and Events...
Ask the CFO Anything: Everything You Ever Wanted to Know (But Are Afraid to Ask)
Like so many other professionals, privacy professionals are constrained by the resources at their disposal. Getting buy-in and budget seems like it’s an impossible task. There seems to be an impossible gap between what financial decision-makers see and what privacy professionals need. This webinar serves as the rare opportunity for privacy pros to ask the Osano CFO—someone with a foot in both the finance and privacy worlds—anything on their mind.
Register and Submit Your Questions | February 20th
Top Privacy Stories of the Week
Apple Ordered to Open Encrypted User Accounts Globally to UK Spying
Apple has reportedly been ordered by the UK government to create a backdoor that would give security officials access to users’ encrypted iCloud backups. If implemented, British security services would have access to the backups of any user worldwide, not just Brits, and Apple would not be permitted to alert users that their encryption was compromised.
GDPR Authorities Accused of ‘Inactivity’
Data protection authorities imposed over €1 billion in fines in 2024, but activists complain that violations of the law far too rarely result in penalties. The noyb (“None of Your Business”) association with its CEO Max Schrems even speaks of “inactivity of national data protection authorities.” On average, only 1.3 percent of all cases before the data protection authorities result in a fine, the activists report, citing statistics from the European Data Protection Board.
EU Commission Issues Guidelines on Prohibited AI Practices Under EU AI Act
On February 2nd, the EU AI Act’s prohibition on certain AI practices came into effect. A few days later, the European Commission issued draft guidelines clarifying the practices that are prohibited under the act.
DeepSeek May Face Further Regulatory Actions, EU Privacy Watchdog Says
DeepSeek may face more actions from national regulators in the future, said Europe's privacy watchdog said a spokesperson for the European Data Protection Board. After Italy blocked the Chinese AI chatbot over a lack of information on its use of personal data, national privacy regulators met to discuss DeepSeek and its compliance with the GDPR.
Tide May Be Turning in Businesses’ Favor After Key California Court Decisions in Website Tracking Cases
Two recent court decisions have provided businesses with long-awaited clarity on the reach of the California Invasion of Privacy Act (CIPA)—and could begin to redefine digital privacy litigation. Two separate California state courts dismissed claims involving website tracking technologies last week, providing solid defenses for businesses to deploy if faced with similar threats or lawsuits.
Like what you hear from the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!