UK’s Encryption Order to Apple: A Threat to Privacy?

UK’s Encryption Order to Apple: A Threat to Privacy?

On 21 February, Apple stopped offering its end-to-end encrypted (E2EE) Advanced Data Protection (ADP) service for users in the UK. This decision is reportedly linked to the UK government’s request from January 2025 for Apple to create backdoor access to user data stored in its cloud servers.  

Although the UK government has had the authority to request the removal of ‘electronic protection’ on user data since the 2016 surveillance law, this is the first time the potential use of this power has been reported. Apple has not directly acknowledged or commented on these orders, as the law prohibits them from doing so, however, it stated that it remains committed to offering users the highest level of security for their personal data. Similarly, Apple had previously warned Parliament about the risks of approving expansions to this power.  

The removal of ADP means that Apple will have access to UK users’ files (i.e., device backups, photos, notes, and voice memos), which can be shared with law enforcement upon obtaining a warrant. Imposing obligations for law enforcement cooperation could threaten the spirit of E2EE, since it authorises judges to intervene in citizens’ private communications and data.  

E2EE Enabling Privacy and Human Rights

Launched in 2022, Apple’s ADP function uses E2EE on data stored in the cloud. This means, for users who have opted in, only the account ownernot even the party providing this service (Apple)can access and view data stored in iCloud. E2EE is considered one of the most secure and privacy-protective methods of communication and data storage.  

E2EE serves to guarantee security and privacy in the digital world. Given the uptick in cybercrimes, E2EE has become one of the best options to protect digital platforms and services users from hackers. By enforcing these investigatory powers on Apple, the UK makes it harder for their customers to use their right to privacy and data protection, including encryption.   

Moreover, the rise of digital authoritarianism, evolving digital threats, and increasingly global and sensitive online communications underscore the importance of E2EE for protecting human rights. Journalists, for example, need secure communication to protect their sources and their own safety. Civil society organisations have raised their concerns to the UK government about any potential legislation undermining encryption and digital security. Meanwhile, the UK government have previously pushed back on encryption, arguing that the technology can be used by harmful actors to hide activities and communications.  

Security vs. Privacy?

This recent development highlights the flawed debate between government responsibility to protect citizens and individual privacy rights. These are not (and should not be) mutually exclusive. Governments can protect citizens while respecting their privacy by implementing balanced policies that address security needs without undermining security tools or, worse, overstepping into unwarranted surveillance or data collection. 

At Access Partnership, we constantly monitor data policies to ensure you stay ahead of regulatory changes. To learn more about the impact of the termination of UK end-to-end encryption on user privacy and how your organisation can navigate the evolving privacy and security landscape, contact Rodrigo Serralonga at [email protected]

Related Articles

Securing the Internet: A Conversation with Chris Locke, Internet Society Foundation

Securing the Internet: A Conversation with Chris Locke, Internet Society Foundation

Join Lim May-Ann, Director of Multilateral Relations, Data Policy, and Partnerships at Access Partnership, and special guest Chris Locke, EVP...

31 Mar 2025 Opinion
Securing America’s Innovation Future: Modernising IP for AI and Emerging Technologies

Securing America’s Innovation Future: Modernising IP for AI and Emerging Technologies

This opinion piece is part of Access Partnership’s  ‘A Digital Manifesto’  initiative, which recommends a framework to develop US global leadership on...

28 Mar 2025 General
Bridging the Privacy Gap: Recommendations for a Comprehensive Federal Data Protection Law

Bridging the Privacy Gap: Recommendations for a Comprehensive Federal Data Protection Law

This opinion piece is part of Access Partnership’s  ‘A Digital Manifesto’  initiative, which recommends a framework to develop US global leadership on...

21 Mar 2025 General
Bridging the Digital Divide: A Blueprint for Modernising US Broadband Infrastructure

Bridging the Digital Divide: A Blueprint for Modernising US Broadband Infrastructure

This opinion piece is part of Access Partnership’s  ‘A Digital Manifesto’  initiative, which recommends a framework to develop US global leadership on...

14 Mar 2025 General