According to internal memos seen by Reuters, the tool is called the Model Capability Initiative (MCI). It will run on work-related apps and websites to gather examples of how staff use computers during their normal duties.

Meta said the aim is to improve its systems in tasks where AI still struggles, including using keyboard shortcuts, selecting options from drop-down menus and navigating software interfaces.

A company spokesperson said: “If we’re building agents to help people complete everyday tasks using computers, our models need real examples of how people actually use them, things like mouse movements, clicking buttons, and navigating dropdown menus.”

The spokesperson added: “There are safeguards in place to protect sensitive content, and the data is not used for any other purpose.”

Meta also said information collected through the tracking software would not be used for performance reviews or staff assessments.

This development is in line with a goal to place AI at the centre of daily work. Chief Technology Officer Andrew Bosworth told employees in a separate memo that the company’s long-term goal is to build systems that can carry out most tasks while workers guide and review the results.

He said: “The vision we are building towards is one where our agents primarily do the work and our role is to direct, review and help them improve.”

Meta has also encouraged staff to use AI tools for coding and other work, even where it may slow productivity in the short term.

The company has reportedly introduced a job label known as “AI builder” and created a new Applied AI engineering team to strengthen coding tools and develop workplace agents.

The latest changes come as Meta Platforms prepares to cut 10% of its global workforce from May 20, with more reductions expected later this year, according to the Reuters report.

Labour and privacy experts have raised concerns over the practice.

Ifeoma Ajunwa, a law professor and scholar of workplace surveillance said monitoring tools have usually been used to detect misconduct, but logging keystrokes pushes surveillance further by exposing office workers to close real-time monitoring once more common among delivery and gig workers.

She said: “On the U.S. side, federally, there is no limit on worker surveillance.”

Valerio De Stefano said similar monitoring would likely face legal limitations in Europe under privacy and labour laws, including the General Data Protection Regulation.

He also warned that awareness of constant monitoring can shift workplace power further towards employers.

In a statement on Tuesday, the commission said it endorsed the “Joint Statement on AI-Generated Imagery and the Protection of Privacy”, a document coordinated by the International Enforcement Cooperation Working Group of the Global Privacy Assembly.

The statement highlights concerns over tools that can create realistic images and videos of identifiable people. Regulators say such tools are being misused to produce non-consensual images, defamatory materials and other harmful content. Children and other vulnerable groups face the greatest risk.

According to the NDPC, the initiative with data authorities urges organisations to put safeguards in place before deploying such systems. It also asks companies to be transparent about how their tools work, set up effective content removal channels and comply with data protection laws in their countries.

AI tools are now widely accessible, and in many cases, they can generate images that look real within seconds. When those images feature real people, the privacy impact is immediate.

The commission said its participation reveals Nigeria’s ongoing efforts to promote responsible use of artificial intelligence, referring to steps already taken at home, including work on a national policy framework.

The Minister of Communications, Innovation and Digital Economy, Dr Bosun Tijani, previously led the development of Nigeria’s National AI Strategy.

In addition, the NDPC issued its General Application and Implementation Directive (GAID), which requires data controllers and processors to embed privacy protections into their systems from the design stage.

The National Commissioner and Chief Executive Officer of the NDPC, Dr Vincent Olatunji, has now directed that Compliance Audit Returns under the Nigeria Data Protection Act will be used to assess how major data controllers and processors apply AI in their operations.

The commission said the audit process will serve as a benchmark for monitoring responsible data processing practices, especially where AI tools are involved.

The development comes after years of legal and political challenges, which threatened to ban the app for more than 200 million Americans.

The new entity, TikTok USDS Joint Venture LLC, will house U.S. user data and algorithms under strict cybersecurity measures. American and global investors will hold 80.1% of the venture, leaving ByteDance with 19.9%. 

Oracle, Silver Lake, and Abu Dhabi-based MGX are the managing investors, each with a 15% stake. TikTok’s U.S. data and recommendation algorithm will be hosted on Oracle’s U.S. cloud, allowing oversight while ByteDance continues to manage revenue-generating operations like advertising and e-commerce.

The venture’s leadership includes former TikTok USDS executives Adam Presser as CEO and Will Farrell as chief security officer. TikTok CEO Shou Chew joins the board to provide strategic guidance. 

The JV will retrain and update TikTok’s content algorithm to ensure it operates solely on U.S. user data.

This deal results from the Protecting Americans from Foreign Adversary Controlled Applications Act, passed in April 2024. The law required ByteDance to divest TikTok’s U.S. assets or face a nationwide ban, a provision upheld by the Supreme Court in January 2025. 

Without the divestiture, TikTok risked removal from app stores and halted updates, which could have significantly weakened the platform’s U.S. presence.

The agreement received bipartisan attention. Former President Donald Trump, who first tried to ban the app in 2020 over national security concerns, praised the venture as “owned by a group of Great American Patriots and Investors.” 

The White House confirmed that both U.S. and Chinese authorities signed off on the deal, although the Chinese Embassy in Washington has not yet commented publicly.

The joint venture is part of a U.S.-China technology rivalry. In separating U.S. user data and algorithms from ByteDance’s global operations, the structure aligns with earlier national security debates surrounding Chinese tech firms. 

TikTok’s U.S. operations are effectively split, the venture oversees data and backend operations, while ByteDance maintains commercial operations, including e-commerce and advertising.

Investors include high-profile firms such as the Dell Family Office, Vastmere Strategic Investments, Alpha Wave Partners, Revolution, Merritt Way, Via Nova, Virgo LI, and NJJ Capital. 

TikTok aims to comply with U.S. law and also to reassure users and regulators about data security while maintaining the app’s growth and influence in the U.S.

The new infrastructure will serve users across Australia and New Zealand, reducing latency, improving application responsiveness, and ensuring compliance with strict data residency requirements in sectors such as healthcare, finance, and government.

With the server based locally, organisations will gain several immediate benefits. Applications will run more smoothly due to shorter data travel times, downtime risks will be reduced with improved recovery systems, and businesses will be able to keep critical information onshore, a requirement in many regulated industries. 

The infrastructure also provides flexibility to scale as customer needs evolve, whether for small businesses or larger enterprises.

Andrew Travis, chief revenue officer (CRO) at Foxit, said: “Bringing our intelligent PDF and document management solutions even closer to Foxit’s Australian customers is a significant milestone, reflective of our ongoing commitment to increasing trust and globalization. By hosting data locally, we are significantly improving performance and reliability and ensuring our customers meet stringent regulatory requirements.”

The Australian rollout comes under Foxit’s global expansion strategy to localise its cloud infrastructure. This approach aims to ensure users worldwide can access secure, high-performance digital document solutions without relying on distant servers.

Customers in Australia can now take full advantage of Foxit’s suite of tools, including secure document collaboration, advanced editing, and e-signature features, while enjoying the assurance of local cloud hosting.

Foxit, a provider of PDF and eSignature products, serves more than 640,000 customers in over 200 countries, ranging from small businesses to multinational enterprises. The company maintains offices across the United States, Europe, Asia, and Australia.

The new app, internally named “M2”, is expected to hit U.S. app stores on 5 September 2025,  just days before the extended deadline for its parent company ByteDance to sell its U.S. operations.

This version, unlike the global one, is being built to run on an entirely separate infrastructure by engineers in the U.S. and Singapore, aimed squarely at addressing American data privacy and national security concerns. 

According to sources familiar with the matter, users will be allowed to continue using the current TikTok app until March 2026, but will eventually be forced to migrate.

This drastic restructuring results from the Protecting Americans from Foreign Adversary Controlled Applications Act, signed into law in April, which mandates ByteDance’s full divestment from TikTok’s U.S. operations or risk being barred in the country.

President Donald Trump, whose administration pushed through the law, said recently: “We pretty much have a deal.”

He noted that the prospective buyers are a group of “very wealthy people”, though no names have been officially confirmed. Reports suggest Oracle and venture capital firm Andreessen Horowitz are part of the investor consortium.

Despite the positivity from Washington, the obstacle lies thousands of miles away in Beijing. Chinese authorities have made it clear that they oppose what they view as a forced sale.

The Chinese Ministry of Commerce previously stated that any technology export must go through its approval process, pointing that the final decision might rest on geopolitical rather than commercial terms.

This makes the entire operation fragile. With Trump’s trade issues against China escalating, including 145% tariffs on Chinese electric vehicles and tech components earlier this year, analysts suggest Beijing could use TikTok as a bargaining chip. In other words, the U.S. might have a buyer and a timeline, but China still holds the key.

For TikTok, the stakes couldn’t be higher. The platform commands more than 170 million users in the U.S. and serves over 7.5 million American businesses.

A sudden disruption, whether by government order or technical transition, could upend content creators’ incomes, freeze digital ad spending, and fragment a platform deeply embedded in U.S. popular culture.

There’s also the question of whether users will willingly adopt a new version of the app. Forced migration in digital products often faces resistance, and TikTok’s power lies in its network effects.

Fragmenting that network, even temporarily, could open doors for competitors or cause users to disengage altogether.

ByteDance has not issued a public statement regarding “M2” or the ongoing sale process. The Information, which first reported the app development, says internal testing is already underway.

This is another step in Europe’s investigation of Chinese tech firms accused of flouting privacy rules.

The Berlin Data Protection Commissioner, Meike Kamp, invoked Article 16 of the EU’s Digital Services Act (DSA) in a formal notice to both tech giants, declaring DeepSeek’s app as illegal content under European law. 

At the heart of the matter is the company’s transfer of user data to China, without any of the legal safeguards mandated by the EU’s General Data Protection Regulation (GDPR).

Kamp stated, “DeepSeek has not been able to provide my agency with convincing evidence that German users’ data is protected in China to a level equivalent to that in the European Union.”

That alone would be enough to raise red flags. But the issue runs deeper.

Germany’s investigation found that DeepSeek violated Article 46 of the GDPR, which governs international data transfers. China does not have an EU adequacy decision, a prerequisite for transferring personal data outside Europe without further protections. 

Yet DeepSeek allegedly failed to implement even basic legal mechanisms, such as Standard Contractual Clauses (SCCs), that could have made such transfers lawful.

According to DeepSeek’s own privacy policy, the app stores an alarming range of personal data, including search queries, chat histories, uploaded documents, and location data, on servers based in China. Nowhere in the policy is GDPR mentioned. No safeguards are outlined. No clarity is given.

This isn’t the first time the company has faced European resistance. Italy’s data protection authority banned DeepSeek earlier this year after it failed to explain how it collects and processes user data. The Netherlands followed shortly after, warning the public not to submit sensitive information through the app.

In the United States, lawmakers are drafting legislation that would prohibit federal agencies from using AI models developed in China. A senior U.S. State Department official told Reuters that “DeepSeek is actively supporting China’s military and intelligence operations, including providing services to PLA research institutions.” 

The same report revealed that the company allegedly used shell companies in Southeast Asia to bypass U.S. export controls and acquire Nvidia H100 chips, restricted hardware used for training advanced AI models.

These concerns have been amplified by DeepSeek’s rapid ascent. The company claimed in January that its AI models, such as DeepSeek-R1 and V3, rival those of OpenAI and Meta—at a fraction of the cost. It reportedly trained its large language model for just $5.6 million, a figure many experts find highly questionable. 

Nevertheless, the apps have surged in popularity, topping download charts across multiple countries, and exposing users’ data to foreign jurisdictions.

Despite repeated requests from German authorities since May, DeepSeek refused to adjust its data practices or withdraw voluntarily from the app stores. With that deadline now past, the commissioner’s office has moved decisively.

Apple and Google are expected to act quickly, but neither company has responded to requests for comment. 

Similarly, as digital payments become the new face of commerce, trust has become the key currency that defines a company’s success or downfall.

For Payment Service Providers (PSPs) data privacy is not just a checkbox anymore, it is the bedrock of customer loyalty and sustained growth.

Why is data privacy Important?

Think of all the data you generate every time you make a digital payment, from your personal information to your location and financial details.

Now imagine what happens when this information is mishandled or even worse, exploited for ill intent. It is no wonder that 94% of consumers, according to the Cisco 2024 Data Privacy Benchmark Study, say they wouldn’t purchase from a business they don’t trust to protect their data.

Data breaches can destroy customer confidence in addition to causing enormous financial damages. Years of work to establish credibility and a clientele can be reversed by a single data leak.

For PSPs, prioritizing data privacy is not just about keeping hackers at bay, it is about building a solid reputation. Reassuring your customers that,” We’ve got your back” in today’s world is worth its weight in gold.

By embedding privacy into the operations and company foundation, PSPs can secure customers, drive loyalty to the brand and ultimately execute their digital payment strategy since in this field trust begins with privacy.

How much are companies spending on data privacy?

Safeguarding data privacy can lead to financial gains! The Cisco study further states that in 2023, companies spent an average of $ 2.7 million on privacy initiatives with large corporations increasing their budgets by 7-8% as a result. For every $100 spent, businesses saw a $160 in returns.

Additionally, this is not just about computing losses from breaches, but it also incorporates improved efficiency, stronger customer relationships and a clear competitive edge.

The financial benefits of investing in data privacy extend beyond avoiding penalties. Companies that prioritize privacy witness enhanced customer loyalty to their brand which results in high retention rates.

This serves as a golden ticket, especially in a competitive market like the payment industry where customers are more likely to choose and stick with businesses they trust. So, then the question isn’t, “Can we afford to prioritise data privacy?” but rather is, “Can we afford not to?

How digital payment companies are leveraging data privacy to build trust

Leading in digital payments goes hand in hand with making data privacy a fundamental pillar of business strategy.

Take Network for example, a provider of technology-enabled payment services in the Middle East and Africa (MEA) region.

The company has designed a multi-layered defence system that provides end-to-end data security protection for its solutions like QR code payment, which protects customers’ private data during payments. All crucial information is encrypted and stored within the code.

By giving people authority over their data and exhibiting a dedication to moral data management, PSPs are building consumer confidence and security, which promotes broader usage of their services.

Tips for protecting data and building trust in digital payments

Building trust in the digital payment landscape isn’t a one-sided task. Instead, it is a shared responsibility between businesses and consumers.

For businesses this means implementing encryption and multi-factor authentications to secure sensitive data; much like how Google plays the role of a police officer as it immediately interrogates you when you sign in to your account with a new device.

Businesses also communicate their data policies clearly and conduct audits to comply with regulations like the Data Protection Act or General Data Protection Regulation (GDPR) or Payment Card Industry Data Security Standard (PCI DSS).

On the other hand, consumers can play their part by using strong passwords; your pet might be the shield to your happiness, but it isn’t strong enough to safeguard your finances.

Customers can also enable two-factor authentication, review privacy settings on the apps they install, stay cautious of phishing scams and keep devices updated. It is through collaborative efforts that these initiatives can create a safe digital ecosystem.

Businesses should invest in ongoing education for their teams. Employees who understand the importance of data privacy are less likely to make errors that might compromise data.

Moreover, leveraging advanced technologies such as artificial intelligence can help identify vulnerabilities and even mitigate risks before the blow up.

Looking ahead

Data privacy is about taking advantage of opportunities as well as avoiding risks. By integrating privacy into their core operations, PSPs may promote innovation and facilitate cross-border transactions.

The risks to data privacy increase proportionally with technological advancements. Businesses that adjust and remain ahead of these obstacles will keep winning because they are able to guarantee a seamless and secure experience for customers.

Therefore, prioritising data privacy isn’t just smart, it is essential. It is the key to building resilient businesses and loyal customers, paving the way for a secure and interconnected future.

[*Article by Network]

Techeconomy gathered that the purpose of the meeting was to explore collaboration between these industry giants and the Commission. 

The tech giants acknowledged that a key pillar of the Commission’s strategic roadmap is collaboration, and expressed their interest in aligning with this vision.

They emphasised the value of leveraging their expertise and insights, alongside those of the Commission, to support its mandate.

It was also noted that this partnership would serve as a platform for knowledge sharing, capacity building, and exchanging perspectives between industry practitioners and the Commission.

In his response, Dr Olatunji expressed his delight at the prospect of collaborating with global tech giants. He highlighted the Commission’s existing partnerships with various organisations, both within Nigeria and internationally, which have contributed to its success.

The NDPC CEO stressed the importance of synergy between the public sector, private sector, civil society groups, and academia. He warmly welcomed the collaboration offer and emphasised that it should be aligned with the Commission’s Strategic Roadmap and Action Plan (SRAP) 2023–2027.  

This initiative, which fosters partnerships between industry working groups and the government, will be the first of its kind in Africa. 

The next step discussed was the formation of a working group and the development of a terms of reference to guide the collaboration.

The violations occurred between 2018 and 2020, according to a statement released by the regulator.

An investigation launched in 2019 revealed that Netflix’s privacy processes fell short of the transparency requirements outlined in the General Data Protection Regulation (GDPR). 

The DPA found that Netflix’s privacy statement during the period in question did not clearly explain how customer data was being handled, why it was being collected, and who it was being shared with.

Again, when customers sought clarification about their personal data, Netflix’s responses were deemed insufficient. The DPA also noted that the platform did not provide adequate information on how long it retains user data and how it safeguards information transmitted outside the European Union.

Aleid Wolfsen, chairman of the Dutch DPA, stressed the importance of transparency in data handling, particularly for major companies. “A global company like Netflix must ensure it communicates clearly with its customers about how their data is managed. This is a fundamental right under GDPR, and Netflix failed to meet this standard,” Wolfsen stated.

The investigation was prompted by complaints filed by the Austrian privacy group None of Your Business (noyb). Since Netflix’s primary European base is in the Netherlands, the Dutch regulator took the lead in the inquiry, working in coordination with other European authorities.

Netflix has objected to the fine, asserting that it has made effective improvements to its privacy practices since the investigation began. A company spokesperson said, “We have cooperated with the Dutch DPA throughout this process and have proactively enhanced our privacy information to better serve our members.”

Aside from the current Netflix fine, other tech giants are also facing similar issues. Meta was recently fined €251 million by Irish regulators for a separate data breach involving Facebook users. 

Without any prior announcement or consent from its users, the social networking platform is now using user-generated content to enhance its AI tools.

Users can, however, opt out of this arrangement by navigating to their account settings. Under the ‘Data Privacy’ section, a feature labelled “Data for Generative AI Improvement” allows individuals to disable the use of their data for AI training. 

While this stops LinkedIn from using your data in the future, it does not reverse the use of information already processed for this purpose.

This issue has led to complaints regarding transparency and user autonomy, particularly as LinkedIn rolled out this update without making a public announcement. 

Users argue that defaulting users into such programmes without their informed consent is a violation of privacy. In response, LinkedIn has added details about its generative AI practices to its privacy policy, which now explicitly states that the platform may use personal data to develop AI-driven services and insights.

The company claims it employs privacy-enhancing technologies to anonymise or redact personal data from its AI training sets. However, some users remain uneasy about the potential misuse of their data, particularly given the broader concerns over privacy in the digital space.

Notably, LinkedIn has confirmed that the use of personal data for AI training does not affect users residing in the European Union (EU), European Economic Area (EEA), or Switzerland due to stricter data protection regulations in those regions.

Users outside these regions who wish to prevent further use of their data must manually opt-out.

Apart from generative AI, LinkedIn also relies on machine learning for content personalisation and moderation.

Opting out of the generative AI training does not exclude users from other data-driven activities unless they also submit a LinkedIn Data Processing Objection Form, which offers more comprehensive data protection.