Privacy
Quantum Threats, Google’s IP Shift, and More in Privacy Brief
France phases out non-quantum encryption, Google tracks by IP in EU, Apple updates passwords, and US warns of China-linked data risks.
China’s Drug Supply Chain Dominance Poses Data Privacy Threat to Seniors
A US Senate Special Committee on Ageing hearing on Wednesday highlighted how China’s control of pharmaceutical supply chains endangers older Americans through both medicine dependency and data privacy breaches. Senator Rick Scott noted that China supplies 87% of active pharmaceutical ingredients for US antibiotics, citing a Coalition for a Prosperous America report. All four witnesses came from the US-China Economic and Security Review Commission. Ranking member Kirsten Gillibrand called the reliance a national security issue, warning that the US cannot depend on China for essential medicines in a crisis. The hearing also pointed out that older Americans hold most of the nation’s wealth and medical histories, making them prime targets for financial scams and data privacy breaches. Senator Jon Husted said the US has been ‘asleep at the wheel’. A 2025 Brookings Institution report estimated that Chinese APIs account for roughly a quarter of drug volume sold in the US, with antibiotics particularly exposed. The US has also characterised China as the primary source of fentanyl precursor chemicals, compounding the opioid crisis among seniors. The hearing underscored that data privacy is now intertwined with national security and public health.
Alarm raised over China’s threat to older Americans through drug supply chains →
France to Stop Certifying Non-Quantum Encryption by 2027
France’s cybersecurity agency ANSSI announced this week that it will stop certifying security products lacking quantum-safe encryption beginning in 2027, effectively phasing out older cryptographic systems. ANSSI Chief of Staff Samih Souissi stated that the move is about governance, industrial planning, and sovereignty, not just technology. Certification is required for French government agencies and critical infrastructure operators, making the decision a de facto phase-out. The policy change comes amid growing concern about Q-Day, the expected arrival of quantum computers capable of cracking modern encryption. Security experts warn of ‘harvest now, decrypt later’ attacks, where adversaries collect encrypted data today for future decryption. Google set a 2029 deadline for its own post-quantum transition, and a May estimate by Project Eleven suggested a cryptographically relevant quantum computer could arrive as early as 2030, putting roughly 7 million Bitcoin at risk. The Ethereum Foundation and Coinbase’s quantum advisory council have urged blockchain developers to prepare now. The Stellar Development Foundation unveiled a three-stage migration roadmap. Boundless CEO Shiv Shankar cautioned against panic, noting that the smartest minds are working on the problem.
France to Phase Out Non-Quantum Encryption as Bitcoin Security Concerns Grow →
Google to Use IP Addresses for Ad Personalization in EU and UK by August 2026
Google has begun notifying advertisers that it will start using IP addresses for ad measurement and personalization across the European Economic Area, UK and Switzerland on or after August 3, 2026. IP addresses are already received on nearly every request but will now be repurposed to identify devices, triggering consent requirements under GDPR. Google will register under the IAB Europe Transparency and Consent Framework for Feature 3. The company frames the change around privacy-enhancing technologies like on-device processing and trusted execution environments. Some personalization features will not arrive until later in 2026 or early 2027, at which point Google says it will let users make a choice. The UK’s Information Commissioner’s Office called Google’s December 2024 reversal on fingerprinting ‘irresponsible’. The ICO’s May 2026 advice to the UK government suggests keeping consent mandatory for cross-service profiling. Google’s rollout puts the compliance burden on advertisers to obtain valid consent. Users can currently decline non-essential cookies and review ad settings at myadcenter.google.com.
Google to use UK and EU user IP addresses for ad personalization →
Apple’s iOS 27 Passwords App Gains AI-Powered Weak Password Updater
In iOS 27, Apple is introducing a feature in its Passwords app that automatically upgrades all weak or compromised passwords. The feature uses a mix of on-device automation and Apple’s Private Cloud Compute, which promises not to retain personal user data after a request. This move aims to boost user security and privacy by encouraging stronger passwords without manual effort. The update is part of Apple’s broader push to integrate AI while maintaining its privacy commitments.