On 21 February, Apple stopped offering its end-to-end encrypted (E2EE) Advanced Data Protection (ADP) service for users in the UK. This decision is reportedly linked to the UK government’s request from January 2025 for Apple to create ‘backdoor’ access to user data stored in its cloud servers.
Although the UK government has had the authority to request the removal of ‘electronic protection’ on user data since the 2016 surveillance law, this is the first time the potential use of this power has been reported. Apple has not directly acknowledged or commented on these orders, as the law prohibits them from doing so, however, it stated that it remains committed to offering users the highest level of security for their personal data. Similarly, Apple had previously warned Parliament about the risks of approving expansions to this power.
The removal of ADP means that Apple will have access to UK users’ files (i.e., device backups, photos, notes, and voice memos), which can be shared with law enforcement upon obtaining a warrant. Imposing obligations for law enforcement cooperation could threaten the spirit of E2EE, since it authorises judges to intervene in citizens’ private communications and data.
E2EE Enabling Privacy and Human Rights
Launched in 2022, Apple’s ADP function uses E2EE on data stored in the cloud. This means, for users who have opted in, only the account owner – not even the party providing this service (Apple) – can access and view data stored in iCloud. E2EE is considered one of the most secure and privacy-protective methods of communication and data storage.
E2EE serves to guarantee security and privacy in the digital world. Given the uptick in cybercrimes, E2EE has become one of the best options to protect digital platforms and services users from hackers. By enforcing these investigatory powers on Apple, the UK makes it harder for their customers to use their right to privacy and data protection, including encryption.
Moreover, the rise of digital authoritarianism, evolving digital threats, and increasingly global and sensitive online communications underscore the importance of E2EE for protecting human rights. Journalists, for example, need secure communication to protect their sources and their own safety. Civil society organisations have raised their concerns to the UK government about any potential legislation undermining encryption and digital security. Meanwhile, the UK government have previously pushed back on encryption, arguing that the technology can be used by harmful actors to hide activities and communications.
Security vs. Privacy?
This recent development highlights the flawed debate between government responsibility to protect citizens and individual privacy rights. These are not (and should not be) mutually exclusive. Governments can protect citizens while respecting their privacy by implementing balanced policies that address security needs without undermining security tools or, worse, overstepping into unwarranted surveillance or data collection.
At Access Partnership, we constantly monitor data policies to ensure you stay ahead of regulatory changes. To learn more about the impact of the termination of UK end-to-end encryption on user privacy and how your organisation can navigate the evolving privacy and security landscape, contact Rodrigo Serralonga at [email protected].
