Privacy
Privacy Under Pressure: Drones, Data Erasure, and Quantum Deadlines
Australia tightens children's privacy, police expand drone surveillance, post-quantum mandates loom, and US data erasure spreads.
Australia’s Children’s Privacy Code Set to Reshape Digital Advertising
The Children’s Online Privacy Code (COPC) will be finalized by December 10, introducing sweeping protections for under-18s with penalties up to $3.3 million for violators. The code restricts profiling children for personalized ads, using manipulative designs, and direct marketing without verifiable consent. IAB Australia warns the code could effectively extend children’s privacy standards to all users, threatening advertising-funded business models. The draft introduces a strictly necessary test for data collection, higher than the current reasonably necessary threshold. Tanvi Mehta Krensel advises businesses to review data practices now, as privacy regulation becomes principles-based. IAB is calling for delayed enforcement and clearer guidance on what constitutes a service likely to be accessed by children.
Met Police Expands Drone Network and Facial Recognition Amid Surveillance Concerns
London’s Metropolitan Police will roll out a city-wide drone network to respond to 999 calls, expanding from a pilot in Islington that now operates nine drones attending 200 incidents weekly. Commissioner Sir Mark Rowley also pushes for greater freedom to use facial recognition and AI without new legislation, arguing that campaign groups slow progress. Privacy advocates Big Brother Watch and Liberty condemn the lack of scrutiny, calling for legal safeguards and transparency. Meanwhile, the force’s planned £50 million Palantir AI contract is blocked by the deputy mayor over procurement concerns. Rowley warns that without the deal, front-line policing faces cuts.
Drone network part of Met Police’s London-wide tech push →
Post-Quantum Cryptography: Cloudflare Sets 2029 Target as Federal Mandate Nears
Following President Trump’s executive order on June 22, 2026, Cloudflare published a roadmap to achieve full post-quantum security by 2029, a year ahead of the federal government’s 2030 deadline for sensitive systems. The order mandates encryption migration by 2030 and authentication by 2031, with contractors facing a separate 2030 deadline. Cloudflare warns of harvest now, decrypt later threats and notes that more than two-thirds of browser traffic already uses post-quantum key agreement. The second migration—post-quantum authentication—faces significant challenges due to larger signature sizes causing connection failures and slowdowns. Cloudflare recommends immediate action: protect internet traffic with post-quantum encryption, update procurement, and conduct a quantum impact inventory.
Post-Quantum Encryption: Cloudflare Moves to 2029 as Federal 2030 Mandate Reaches Every Vendor →
TD Bank Employee Surveillance Highlights Gaps in Canadian Privacy Law
Toronto-Dominion Bank deployed WorkiQ to track employees’ web browsing, messaging, and meeting app usage in its financial-crimes and risk-management units, calling it standard practice. Staff raised privacy concerns, and TD scaled back plans to collect keystrokes and mouse movements for AI training after pushback. Canada’s federal privacy law PIPEDA does not apply to provincially regulated employers in Ontario, leaving workers with few protections beyond disclosure policies. Unlike the EU’s purpose limitation principle, Ontario’s monitoring law requires only notice, not consent or restraint. The incident underscores the patchwork of Canadian workplace privacy protections.
Canadian workers have few defences against workplace surveillance →
Trump Administration Erases LGBTQ+ Data; Experts Warn Race and Ethnicity Data Next
The Trump administration has removed gender identity or sexual orientation data from over 360 federal data collections since March, per the Williams Institute. The CDC disabled transgender victims’ option to record gender identity, despite transgender people being four times more likely to be victims of violent crime. Data experts now fear the same erasure will apply to race and ethnicity data. The Administration for Children and Families began removing race, ethnicity, and sex data from LIHEAP, and OPM scrubbed federal workforce demographic datasets and surveys. The Office of Management and Budget delayed new race/ethnicity standards. Denice Ross says the changes aim to remove data revealing disparities, while White House defends restoring merit.
Trump Has ‘Almost Completely’ Erased LGBTQ+ Data. Is Race Next? →