Intruding Our Privacy

If you wouldn’t leave your front door unlocked for strangers, why should your digital life be any different?

That question sits at the heart of Apple’s recent decision to withdraw its Advanced Data Protection (ADP) feature from iCloud in the UK. Until now, ADP offered airtight, end-to-end encryption, putting the keys to your data firmly in your own hands. But the Investigatory Powers Act—often called the “Snooper’s Charter”—demanded a backdoor into Apple’s most secure system. Rather than compromise its product and user trust, Apple pulled ADP for from the UK entirely.

This isn’t the first time government intervention has clashed with individual privacy. Centuries ago, in the Middle Ages (roughly 5th–15th centuries), personal data as we know it didn’t exist. Data collection was a luxury reserved for the elite, with detailed records maintained to prove noble lineage and secure power. Yet even then, people still sent letters—and with every letter came the risk of interception. By the Tudor Era (1485–1603), institutionalised espionage was in full swing, as correspondence was routinely read to gain political advantages.

Over time, the notion of privacy evolved into a core human right. In 1948, the Universal Declaration of Human Rights declared privacy a fundamental liberty, and just two years later, the European Convention on Human Rights enshrined protections for private life and correspondence under Article 8.

The UK then incorporated these principles into domestic law with the Human Rights Act 1998 (HRA). Despite its significance, however, the HRA always bowed to parliamentary sovereignty, meaning it could be amended or repealed at will.

By the 1980s, personal computers began appearing in offices and homes, marking a turning point in data protection. In the UK, the Data Protection Act 1984 set up an official watchdog—now known as the Information Commissioner’s Office (ICO)—and recognised people’s right to know when their data was collected or used. Though limited in scope (it only covered computer-stored data), it laid down the first real safeguards for personal information.

This was reinforced by the Data Protection Act 1998, inspired by the European push for consistent data standards, which broadened and deepened individuals’ protections. As Baron William of Mostyn put it, the 1998 law aimed “to improve the position of the citizens by enabling them to rely on the wide range of rights contained by the European Convention of Human Rights. It will … concern privacy, albeit a specific form of privacy: personal information privacy”—the very thing that’s under threat today.

Then came the EU’s General Data Protection Regulation (GDPR), establishing even tougher controls on how data could be collected, stored, and shared. The UK adopted these standards through the Data Protection Act 2018, which imposed stricter obligations on organisations concerning the collection, use, storage, and sharing of personal data.

Now, in 2025, a new bill is making its way through Parliament. If given royal assent, and thus become law, the Data (Use and Access) Bill will replace the ICO with a new body—the Information Commission. Very original. The law would also establish a framework for secure and efficient data sharing, which will allegedly boost public services and drive economic growth by freeing up valuable time for police and NHS staff.

There is no contesting that robust measures were imposed to protect personal data and uphold our right to privacy. Yet, in a striking twist, these very protections are undermined by the same branch that is supposed to uphold them. Despite decades of hard-won safeguards, their insistence of accessing encrypted data led to Apple withdrawing its ADP feature from the UK.

To understand how ADP worked, we can compare every iCloud user’s data to a private diary, securely sealed so that only its owner can read it. The government wanted Apple to create a mechanism to bypass that protection—a built-in way to automatically access those diaries.

Apart from evoking a 1984-style Orwellian flashback, this method would have been dangerously vulnerable to hackers and other bad actors, undermining the very protection that keeps your personal information secure. Rather than compromise its commitment to privacy and open the floodgates for other countries to follow the UK’s lead, Apple chose to withdraw ADP from the UK.

For UK users, that means losing a valuable shield of encryption, all because one side pushed too far in its demand for unrestricted access. Eventually, all UK customer data stored on iCloud will lose its encryption, granting Apple access and enabling sharing with law enforcement when warranted.

Time and again, history shows us that balancing security and privacy is no simple task. Where we draw the line between safeguarding society and safeguarding personal freedom remains as debatable as ever, and Apple’s decision is just the latest chapter in this ever-evolving story.

Update:

Apple has since filed an appeal to the Investigatory Powers Tribunal, which is a judicial body that handles complains against the UK security services. It is unclear whether the hearing will be made public. An update will be provided as soon as it’s available.