Welcome to this edition of Mailfence’s Privacy and Cybersecurity Newsletter! As technology advances quickly, privacy challenges grow in complexity. This month, AI privacy is centre stage with new laws, risks, and shifting regulations. Our mission remains to bring you clear insights and actionable tips to protect your digital life. Here’s what we’re covering this month:
- AI Browser Assistants: New Frontier for Surveillance?
- OpenAI’s ChatGPT Integrates Model Context Protocol (MCP) Tools
- EU’s Chat Control Proposal Paused — Victory for Privacy
- Italy’s AI Law: Europe’s First Strike on AI Privacy Risks
- Data Privacy Laws: UK’s Data Act Sparks New Compliance Landscape
AI Browser Assistants: New Frontier for Surveillance?
September 2025 raised alarms over AI-powered browser assistants embedded in popular extensions and tools that harvest extensive browsing data to offer real-time suggestions. Such assistants potentially expose users to unauthorized tracking and data harvesting without explicit consent.
Privacy experts warn that aggregated browsing histories can feed third-party ecosystems for targeted ads and identity theft, embedding users’ digital footprints into surveillance capitalism.
To limit risks, use privacy-focused browsers like Firefox or Brave and install tracker blockers such as uBlock Origin or Privacy Badger. Regularly clearing your browsing data is also beneficial.
Read More:
AI browsers share sensitive personal data, new study finds
AI web browser assistants raise serious privacy concerns
OpenAI’s ChatGPT Integrates Model Context Protocol (MCP) Tools
OpenAI’s ChatGPT now uses the Model Context Protocol (MCP) to connect with software like Gmail, Calendar, SharePoint, and Notion. This makes AI-driven workflows more powerful but can leak sensitive email and calendar data, especially through malicious calendar invites or compromised MCP servers.
Private email providers play a critical role here by ensuring end-to-end encryption, preventing AI tools or MCP servers from accessing email content. Their zero-access architectures reduce the risk of data leakage through AI integrations.
To safeguard your data, limit MCP tool permissions, avoid risking sensitive account connections, and choose email services with strong encryption (yours truly 🫶) and clear data policies.
Continue Reading:
ChatGPT’s Calendar Integration Can Be Exploited to Steal Emails
EU’s Chat Control Proposal Paused – Victory for Privacy
The EU’s Chat Control proposal, which would have mandated scanning of encrypted app messages, has been temporarily halted due to strong opposition from Germany and Luxembourg. This pause highlights the ongoing struggle to balance law enforcement objectives with fundamental privacy rights.
While supporters emphasize child protection, critics caution against mass surveillance and the erosion of end-to-end encryption, potentially undermining secure communication.
To protect your private conversations, continue to use end-to-end encrypted communication tools, stay informed on regulatory changes, and support digital rights advocacy.
Read More:
TechRadar: Chat Control: The list of countries opposing the law grows, but support remains strong
Italy’s AI Law: Europe’s First Strike on AI Privacy Risks
On September 17, 2025, Italy became the first EU country to enact a comprehensive AI law aligned with the EU AI Act. The legislation sets strict controls on high-risk AI systems across healthcare, work, public administration, justice, education, and sports sectors. It mandates transparency in data processing, human oversight, bans manipulative AI use, and protects minors under age 14 by requiring parental consent.
Despite progress, critics flag enforcement gaps tied to cross-border data flows, raising concerns about users’ personal information being swept up by opaque AI systems without adequate control or remedy.
To protect yourself, review and limit data sharing with AI apps, opt for services with clear privacy policies, and disable personalized data collection features like tracking and recommendations.
Continue Reading:
Reuters: Italy Enacts AI Law Covering Privacy
European Commission: EU AI Act Alignment
Data Privacy Laws: UK’s Data Act Sparks New Compliance Landscape
The UK’s Data (Use & Access) Act 2025 came into force recently, easing some data sharing while tightening compliance requirements in areas like direct marketing and data subject access requests (DSARs). Companies now must create auditable, documented processes and respect clear consent and opt-out options.
For strong compliance, review, and monitor data workflows carefully, and give users the control to manage marketing preferences.
Read More:
UK Data Act Overview (National Law Review)
ICO Guide to Data Subject Access Requests
Recommended reading
- Global Data Breaches and Cyber Attacks in August 2025 (IT Governance)
- Cybersecurity & Privacy News and Analysis (Law360)
- What is Email Security? 9 Tips to Keep Your Email Secure (Mailfence blog)
- Business Email Security Best Practices – How to Protect Your Communications (Mailfence blog)
- 10 Best Secure Email Providers in 2025 (Mailfence blog)
That concludes this month’s newsletter!
Privacy remains a dynamic and vital concern requiring constant vigilance and informed choices. We hope these insights empower you to safeguard your digital footprint. Join us again next month for more updates from the forefront of privacy and cybersecurity.
Best,
Patrick
Get the latest privacy news in your inbox
Sign up to the Mailfence Newsletter.